iehelper.exe

Creative Island Media, LLC

This adware background process is started and supervised by the Updater.exe executable (if iehelper.exe is stopped, the updater restarts it, so Updater.exe must be terminated first during removal). It is designed to install the BHO/toolbar in the Internet Explorer web browser and to inject and pop up various ad formats, including pop-ups, inline text links and banners. IeHelper is packaged with one of many branded adware applications (Websteroids) from Injekt. The binary carries a code-signing certificate issued to Creative Island Media, LLC by VeriSign that was valid from 5/20/2013 to 5/21/2014 and therefore covers the 11/19/2013 compilation timestamp, so a valid Authenticode signature alone is not evidence that the file is benign. The application iehelper.exe by Creative Island Media has been detected as adware by 11 of 68 anti-malware scanners.
Publisher:
WatchDog (signed by Creative Island Media, LLC)

Product:
WatchDog

Version:
3, 0, 0, 1

MD5:
37273346819c0b7a05bd4444937c95c3

SHA-1:
704f831e1c89c494d52d13f65365035c5ea11256

SHA-256:
ae0bb2accbb8f1cc1da5e7328af4630cfdd2bc30d8434c4348e73bb9102ef3f4

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/26/2024 5:59:06 PM UTC

Scan engine               Detection                       Engine version
Lavasoft Ad-Aware         Adware.Agent.NUF                1033
Bitdefender               Adware.Agent.NUF                1.0.20.490
Emsisoft Anti-Malware     Adware.Agent.NUF                8.14.04.08.11
F-Secure                  Adware.Agent.NUF                11.2014-08-04_3
G Data                    Adware.Agent.NUF                14.4.22
IKARUS anti.virus         AdWare.Agent                    t3scan.2.2.29
Malwarebytes              PUP.Optional.SearchDonkey.A     v2014.04.08.11
MicroWorld eScan          Adware.Agent.NUF                15.0.0.294
Reason Heuristics         PUP.CreativeIslandMedia.I       14.8.7.20
Trend Micro House Call    TROJ_GEN.F47V1205               7.2.98
VIPRE Antivirus           SearchDonkey                    24576

File size:
416.9 KB (426,872 bytes)

Product version:
3, 0, 0, 1

Original file name:
dog.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\rhelpers\iehelper\iehelper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/20/2013 5:00:00 PM

Valid to:
5/21/2014 4:59:59 PM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
11/19/2013 8:28:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:klGc5MD0gF+QKrWIz3HKrgFU6F19m1/yREanFpw8ekqfwcQ5x:klGcWF+TWk3q01I/xKFsBwc2x

Entry address:
0x300F2

Entry point:
E8, 28, D9, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, 3C, F5, 70, B9, 45, 00, 00, 75, 13, 56, E8, 71, 00, 00, 00, 59, 85, C0, 75, 08, 6A, 11, E8, C4, 5A, 00, 00, 59, FF, 34, F5, 70, B9, 45, 00, FF, 15, 7C, B0, 44, 00, 5E, 5D, C3, 56, 57, BE, 70, B9, 45, 00, 8B, FE, 53, 8B, 1F, 85, DB, 74, 17, 83, 7F, 04, 01, 74, 11, 53, FF, 15, 84, B0, 44, 00, 53, E8, 31, BF, FF, FF, 83, 27, 00, 59, 83, C7, 08, 81, FF, 90, BA, 45, 00, 7C, D8, 5B, 83, 3E, 00, 74, 0E, 83, 7E, 04, 01, 75, 08, FF, 36, FF, 15...

Entropy:
6.4201

Code size:
294.5 KB (301,568 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.betterxperience.com  (54.218.62.24:80)

TCP (HTTP):
Connects to d.pullupdate.com  (54.230.15.37:80)

TCP (HTTP):
Connects to d.betterxperience.com  (54.230.13.123:80)

URL:
http://d.betterxperience.com/updater/dedu.txt
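The file hashes, size, drop path and network indicators listed in this report, turned into a small offline triage script. This is an added example, not part of the original report and not Reason Core Security tooling: the proxy-log format, the sample log lines, the client addresses and the non-indicator hosts in them are constructed for the example. Indicator values are transcribed from the report; everything else is an assumption made for illustration.

```python
import hashlib
import re

# Indicators transcribed from the report above.
IOC_HASHES = {
    "md5": "37273346819c0b7a05bd4444937c95c3",
    "sha1": "704f831e1c89c494d52d13f65365035c5ea11256",
    "sha256": "ae0bb2accbb8f1cc1da5e7328af4630cfdd2bc30d8434c4348e73bb9102ef3f4",
}
IOC_SIZE = 426_872
IOC_PATH = r"C:\ProgramData\rhelpers\iehelper\iehelper.exe"
IOC_DOMAINS = {"update.betterxperience.com", "d.pullupdate.com", "d.betterxperience.com"}
IOC_IPS = {"54.218.62.24", "54.230.15.37", "54.230.13.123"}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests and size for an in-memory file image."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def match_file(data: bytes, path: str = "") -> dict:
    """Compare a candidate file (and the path it was found at) against the report.

    A hash match identifies this exact build. A path-only match is still worth
    a look, because other builds of the same family will carry different hashes.
    """
    digests = hash_bytes(data)
    return {
        "hash": [algo for algo, value in IOC_HASHES.items() if digests[algo] == value],
        "size": digests["size"] == IOC_SIZE,
        "path": bool(path) and path.lower() == IOC_PATH.lower(),
    }


# Constructed proxy-log format for this example (assumption, not from the report):
#   "<timestamp> <client_ip> <method> <url> <dest_ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<dst>\S+)$")


def match_log_line(line: str):
    """Return a hit record if the line touches an indicator host or IP, else None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    # Strip scheme, path and port to get the bare hostname.
    host = re.sub(r"^[a-z]+://", "", m["url"]).split("/", 1)[0].split(":", 1)[0].lower()
    reasons = []
    if host in IOC_DOMAINS:
        reasons.append("domain:" + host)
    if m["dst"] in IOC_IPS:
        reasons.append("ip:" + m["dst"])
    return {"client": m["client"], "url": m["url"], "reasons": reasons} if reasons else None


def sweep_log(lines) -> list:
    """Run match_log_line over an iterable of log lines and keep the hits."""
    return [hit for hit in (match_log_line(line) for line in lines) if hit]


# Constructed sample lines. Client addresses, the non-indicator host and its
# address (198.51.100.7, documentation range) are made up for the example.
SAMPLE_LOG = [
    "2014-08-04T10:22:01Z 10.0.0.15 GET http://d.betterxperience.com/updater/dedu.txt 54.230.13.123",
    "2014-08-04T10:22:05Z 10.0.0.15 GET http://update.betterxperience.com/ 54.218.62.24",
    "2014-08-04T10:23:10Z 10.0.0.22 GET http://intranet.example/index.html 198.51.100.7",
    "2014-08-04T10:24:00Z 10.0.0.31 GET http://cdn.example/lib.js 54.230.15.37",
]

if __name__ == "__main__":
    for hit in sweep_log(SAMPLE_LOG):
        print(hit["client"], hit["url"], ", ".join(hit["reasons"]))
```

The fourth sample line shows why the hit record carries its reasons: a request to an unrelated host that happens to resolve to one of the listed addresses matches on IP only. Hosting addresses change and may be shared, so an IP-only hit is weaker evidence than a hostname hit and should be confirmed against the client rather than acted on directly. On the host itself, remember the ordering from the description above: stop Updater.exe before iehelper.exe, or the process will simply be relaunched.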

Remove iehelper.exe - Powered by Reason Core Security