» helper.dll
Overview
Analysis
File Details
Programs (1)

helper.dll

Viber Media Inc.

The module helper.dll by Viber Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Viber by Viber Media Inc.

File name:

helper.dll

Publisher:

Viber Media Inc. (signed and verified)

MD5:

53ba2f024f015462fd2f2ab9ef42a256

SHA-1:

8991833db0fbf93e38c6c33ccb9d6ada942d6c23

SHA-256:

2554375a1fedb26111fa2d133a5083572bf1e0db6084d9532dd9dc247c3f18f5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 7:01:07 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Search.Helper.Meta (M)

16.2.27.14

File size:

1.6 MB (1,713,160 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\helper.dll

Digital Signature

Signed by:

Viber Media Inc.

Authority:

Thawte, Inc.

Valid from:

3/28/2012 2:00:00 AM

Valid to:

3/29/2014 1:59:59 AM

Subject:

CN=Viber Media Inc., OU=DEV, O=Viber Media Inc., L=Panama, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

73C6D14119B06C7562CA81A8BEFDCED1

File PE Metadata

Compilation timestamp:

5/8/2013 12:19:22 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:ZIuMs5QvCK7JfbM50bH0SgK6JsQPzgOF/6DvnxOH8LEnge:ZIuMUeCP2iUOF/6DPxOH8Inge

Entry address:

0xAF7F3

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3A, AF, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 60, FD, 12, 10, 00, 74, 05, E9, 8C, AF, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10... 
[+]

Entropy:

6.4610

Code size:

968.5 KB (991,744 bytes)

The file helper.dll has been discovered within the following program.

Viber by Viber Media Inc

Publisher's description - “Viber for Windows lets you send free messages and make free calls to other Viber users, on any device and network, in any country! Viber syncs your contacts, messages and call history with your mobile device. All the stickers from your mobile phone, now on your desktop.”

www.viber.com/products/windows

About 3% of users remove it

Remove helper.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.