» install_helper.exe
Overview
Analysis
File Details

install_helper.exe

The application install_helper.exe has been detected as a potentially unwanted program by 5 anti-malware scanners.

File name:

install_helper.exe

MD5:

c251b5e28a0f6660c3c57a8036062562

SHA-1:

784911dd2f7904388ce24bd11e6da12801c8bc8a

SHA-256:

72477d117f0898d9888635a79da699c6fd1f53d24e230c50a305906349b0721b

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Analysis date:

4/19/2024 10:00:56 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

PUA.Win32.bProtector

4.0.3.141221

ESET NOD32

Win32/bProtector.H potentially unwanted application

7.0.302.0

McAfee

Artemis!C251B5E28A0F

5600.6818

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Trend Micro House Call

Suspicious_GEN.F47V1222

7.2.82

File size:

826 KB (845,824 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\install_helper.exe

File PE Metadata

Compilation timestamp:

9/19/2013 4:45:04 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:R61C32O7eCRDWULTC390tzTR5NBk2U5arqCO+P2EWTFB:uUsOtzTR5NBW4qCO+eEWTF

Entry address:

0x82C9E

Entry point:

E8, 64, B9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, E0, B9, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 5F, 0C, 00, 00, 85, C0, 74, 0A, E8, 56, 0C, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 83, EC, 14, 56, 8B, 75, 08, 57, 33, FF, 89, 7D, F8, 89, 7D, F4, 89, 7D, FC, 3B, F7, 75, 13, E8, 2B, 0C, 00, 00, 6A, 16, 5E, 89, 30, E8, 37, 5A, 00, 00, 8B, C6, EB, 54, 53, 6A, 24, 68, FF, 00, 00... 
[+]

Entropy:

6.6946

Code size:

632.5 KB (647,680 bytes)

Remove install_helper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.