sfhelper-web-installer-e88c3e7fe0.exe

Loader helper

The application sfhelper-web-installer-e88c3e7fe0.exe, “Loader helper Setup”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from sf-helper.net.
Product:
Loader helper

Description:
Loader helper Setup

Version:
2

MD5:
41cd903e84c9600dd060df3feaca40ba

SHA-1:
6650c676536528c4230c60debdf89851afe1ecc3

SHA-256:
1a228577bc402bb9aa6004e1e4ddea7c3a758f9feb01679368bc467f5d89000d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:43:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WebInstaller (M)

Engine version:
16.7.26.10

File size:
901 KB (922,584 bytes)

Product version:
2

Copyright:
All Rights reserved © 2014-2016

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\sfhelper-web-installer-e88c3e7fe0.exe

File PE Metadata
Compilation timestamp:
7/16/2015 3:24:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:WxGG2meqbYJJTigjOaL97kkj0W2XUTLvbi:7W1Y3zaaPj0FknO

Entry address:
0x113BC

Entry point:
60, 69, EF, AC, E7, CF, 28, 86, CA, 68, 8A, FB, 93, 00, 80, CD, 40, 0F, BF, E8, 0F, AF, DB, 4B, C7, C7, D2, CB, 7E, E1, F2, 0F, AF, FA, 87, D0, E8, 97, 00, 00, 00, 81, E1, 5C, 9D, 6F, D5, 0F, B6, DA, C7, C5, C1, 1F, 41, 29, 8D, 15, EC, ED, 61, F9, 81, FB, 45, 9C, 00, 00, 76, 08, FF, C1, F7, C0, 16, 0B, D4, 4A, 71, 0A, 86, FF, 69, DD, B1, DF, 30, 13, B7, 50, 81, F9, B7, 66, 00, 00, 70, 09, 38, DB, 8D, 3D, D3, 18, 2E, 97, F3, 52, 71, 06, 49, B9, B3, 19, 46, DB, 5A, C6, C3, 59, F6, C3, 0A, 8A, DC, 8D, 1D, 37...
 
Code size:
63.5 KB (65,024 bytes)

The file sfhelper-web-installer-e88c3e7fe0.exe has been seen being distributed by the following URL.
