helper.dll

Coffee and Comfort Apps, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the normal behavior of the browser, and modify the computer's system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The module helper.dll by Coffee and Comfort Apps has been detected as adware by 14 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
Coffee and Comfort Apps, LLC  (signed and verified)

MD5:
6182e113c8578fb62e3f0c0e4483c619

SHA-1:
9ff4f8089447e7fcd6ae810ad95893945645d377

SHA-256:
e58f0ec60ba3472839ea6ee5b01d8eee3136eea0bf21f9551f9cba821696c1de

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 2:12:05 AM UTC

Scan engine            Detection                          Engine version
Lavasoft Ad-Aware      Gen:Variant.Adware.Graftor.143453  803
Agnitum Outpost        PUA.PullUpdate                     7.1.1
Avira AntiVirus        TR/Graftor.143453.37               7.11.154.26
AVG                    Downloader                         2015.0.3281
Bitdefender            Gen:Variant.Adware.Graftor.143453  1.0.20.1640
Comodo Security        ApplicUnwnt                        18496
Emsisoft Anti-Malware  Gen:Variant.Adware.Graftor.143453  8.14.11.24.11
ESET NOD32             MSIL/Adware.PullUpdate (variant)   8.9921
Fortinet FortiGate     Adware/PullUpdate                  11/24/2014
F-Secure               Gen:Variant.Adware.Graftor.143453  11.2014-24-11_2
G Data                 Gen:Variant.Adware.Graftor.143453  14.11.24
MicroWorld eScan       Gen:Variant.Adware.Graftor.143453  15.0.0.984
Reason Heuristics      PUP.CoffeeandComfortApps.G         14.11.24.11
VIPRE Antivirus        MSIL.Adware.PullUpdate             30146

File size:
1.2 MB (1,308,536 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\helper.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/23/2014 1:00:00 AM

Valid to:
6/23/2015 1:59:59 AM

Subject:
CN="Coffee and Comfort Apps, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Coffee and Comfort Apps, LLC", L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E98B9455BCE81019FFCAF7FB2161D8B

File PE Metadata
Compilation timestamp:
6/2/2014 9:02:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:AFH0f7KGX8QvfasTaX+3kU7BwaHdC03CBor7O0wPWSnUUAbWXVX75MVV:AeGGX1fasTaX+3kU993D7O0cWSnUUiWK

Entry address:
0xD3C5D

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 17, DD, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E8, D1, 11, 10, E8, 64, 6A, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 58, DF, 12, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, A0, 23, 10, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
1016.5 KB (1,040,896 bytes)
