helper.exe

SSH Scanner v3

NZXT

The executable helper.exe has been detected as malware by 30 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
mmosoft (signed by NZXT)

Product:
SSH Scanner v3

Version:
1.0.0

MD5:
1864882cd6f8e55c265cf7a7e9e0dd3a

SHA-1:
7d1e2717cb0fc0bdc1b973566f9b6dd485a624ca

SHA-256:
09e4ca38c26f5fb517bc47d7a224d10c021d29ac6c484cbb5d65d08e56f9a89e

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/24/2024 12:39:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.16212359 | 36 |
| AegisLab AV Signature | Troj.Msil.Agent!c | 2.1.4+ |
| AhnLab V3 Security | Malware/Win32.Generic.N1962964993 | 3.7.5.15 |
| Avira AntiVirus | TR/Dropper.MSIL.lugf | 8.3.3.4 |
| Arcabit | Trojan.Generic.DF76187 | 1.0.0.742 |
| avast! | Win32:Malware-gen | 2014.9-161230 |
| AVG | Atros3 | 2017.0.2514 |
| Bitdefender | Trojan.Generic.16212359 | 1.0.20.1825 |
| Bkav FE | W32.Clodbfb.Trojan | 1.3.0.8108 |
| Dr.Web | Trojan.DownLoader19.34409 | 9.0.1.0365 |
| Emsisoft Anti-Malware | Trojan.Generic.16212359 | 8.16.12.30.12 |
| ESET NOD32 | MSIL/Kryptik.FLT (variant) | 10.14019 |
| Fortinet FortiGate | MSIL/Kryptik.FOU!tr | 12/30/2016 |
| F-Secure | Trojan.Generic.16212359 | 11.2016-30-12_6 |
| G Data | Trojan.Generic.16212359 | 16.12.25 |
| IKARUS anti.virus | Trojan.MSIL.Crypt | t3scan.2.1.6.0 |
| K7 AntiVirus | Trojan | 13.237.20683 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.-935 |
| McAfee | Artemis!1864882CD6F8 | 5600.6170 |
| Microsoft Security Essentials | TrojanSpy:MSIL/Omaneat.B | 1.1.13000.0 |
| MicroWorld eScan | Trojan.Generic.16212359 | 17.0.0.1095 |
| Panda Antivirus | Trj/GdSda.A | 16.12.30.12 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Trojan.Generic-dEVoFiVfU4C (Cloud) | 23.00.65.161228 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R00XC0DCT16 | 7.2.365 |
| Trend Micro | TROJ_GEN.R00XC0DCT16 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 51830 |
| ViRobot | Trojan.Win32.Z.Kryptik.862320[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.DropperCRTD.Win32.62 | 2.0.0.3025 |

File size:
842.1 KB (862,320 bytes)

Product version:
1.0.0

Copyright:
Copyright © 2015

Original file name:
SSHScanner-Crackedby Sameed.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\824103\helper.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/15/2014 7:00:00 AM

Valid to:
5/15/2016 6:59:59 AM

Subject:
CN=NZXT, O=NZXT, STREET=13164 E. Temple Ave, L=City of Industry, S=California, PostalCode=91746, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DF5B5005962FF49BD28940CBF0E191A0

File PE Metadata
Compilation timestamp:
3/22/2016 8:53:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0xCE47E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
820 KB (839,680 bytes)

Scheduled Task
Task name:
Computer Helper

Trigger:
Logon (Runs on logon)

