helper.exe

Firefox

Mozilla Corporation

The executable helper.exe has been detected as malware by 11 anti-virus scanners. The file is infected by an entry-point obscuring polymorphic file infector, which creates a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Mozilla Corporation

Product:
Firefox

Description:
Firefox Helper

Version:
37.0.2

MD5:
75450dc47178e4ac74e3ade4ed6bb658

SHA-1:
75ee7ff0319bc65181f4aba45459eb818cdb9af2

SHA-256:
4d8e7ffc03e27145f53a419481e0d80a4b0c4911e9a2b3d3023c6cf69114853b

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 9:49:31 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 551 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | SaliCode | 2014.9-150803 |
| AVG | Win32/Sality | 2016.0.3029 |
| Dr.Web | Win32.Sector.30 | 9.0.1.0215 |
| Emsisoft Anti-Malware | Win32.Sality | 8.15.08.03.05 |
| ESET NOD32 | Win32/Sality.NBA virus | 9.7.0.302.0 |
| F-Prot | W32/Sality.gen2 | v6.4.6.5.141 |
| F-Secure | Win32.Sality.3 | 11.2015-03-08_2 |
| McAfee | Virus.W32/Sality.gen.z | 5600.6685 |
| VIPRE Antivirus | Threat.4721115 | 39354 |

File size:
995 KB (1,018,832 bytes)

Product version:
37.0.2

Copyright:
Mozilla Corporation

Trademarks:
Firefox is a Trademark of The Mozilla Foundation.

Original file name:
helper.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mozilla firefox\uninstall\helper.exe

File PE Metadata
Compilation timestamp:
4/10/2010 3:19:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:azJ0p4LmjgVRi7a4aKvkTgXuquveY+W2o8oT3ezMrl9cekcHhXh9HJUiWUXsmqse:aRi0VRiNaKvkTgXuquveY+W2o8oT3ezR

Entry address:
0x3415

Entry point:
60, 1A, CA, 0F, B7, CE, 3C, 32, 50, 8D, 2D, 50, 7C, 58, 7C, 8B, D0, 86, E5, 73, 07, 25, FA, E0, C9, CC, FF, C0, C7, C5, FC, 88, 71, E7, 86, C0, 8D, 15, BB, 28, B2, 69, 8D, 0D, 8C, 78, C0, 0F, 68, A4, EF, FD, FF, 25, EA, EF, 08, D0, 5F, F6, C6, EB, F6, C3, 17, 81, C7, A9, 01, 00, 00, 77, 05, 0F, AF, F1, 2B, C9, 0F, C1, FB, 8D, 0D, 08, 71, E6, 1D, 85, C1, 0F, AF, D3, 81, C3, 17, B4, 02, 00, 01, CF, 81, C1, 4B, 27, C2, 14, 74, 05, FF, CB, 0F, AF, E8, 85, F8, 81, FF, EA, A0, 00, 00, 70, 06, 81, F7, 93, E0, C4...
 

Entropy:
5.6460

Code size:
26 KB (26,624 bytes)
