SHA256: 3f5c096136acc066c81b5c15feb96d04bda69d0ff3708ee80b7eb2bed70d4e34
File name: dbghelp.exe
Detection ratio: 13 / 42
Analysis date: 2012-04-18 16:26:11 UTC ( 5 years, 5 months ago )
Antivirus Result Update
AVG Crypt.ASIF 20120418
BitDefender Trojan.Generic.7424808 20120418
Comodo UnclassifiedMalware 20120418
Emsisoft Trojan.Crypt!IK 20120418
F-Secure Trojan.Generic.7424808 20120418
GData Trojan.Generic.7424808 20120418
Ikarus Trojan.Crypt 20120418
McAfee Generic.dx!bdrq 20120418
McAfee-GW-Edition Generic.dx!bdrq 20120418
NOD32 MSIL/Agent.NNB 20120418
Norman W32/SmallTroj.AADXX 20120418
nProtect Trojan.Generic.7424808 20120418
VIPRE Trojan.Win32.Generic!BT 20120418
AhnLab-V3 20120417
AntiVir 20120418
Antiy-AVL 20120418
Avast 20120418
ByteHero 20120417
CAT-QuickHeal 20120418
ClamAV 20120418
Commtouch 20120418
DrWeb 20120418
eSafe 20120417
eTrust-Vet 20120418
F-Prot 20120417
Fortinet 20120418
Jiangmin 20120418
K7AntiVirus 20120417
Kaspersky 20120418
Microsoft 20120418
Panda 20120418
PCTools 20120418
Rising 20120417
Sophos AV 20120418
SUPERAntiSpyware 20120402
Symantec 20120418
TheHacker 20120418
TrendMicro 20120418
TrendMicro-HouseCall 20120418
VBA32 20120418
ViRobot 20120418
VirusBuster 20120418
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright (c) Microsoft Corporation. All rights reserved.
Publisher Microsoft Corporation
Product Debugging Tools for Windows(R)
Original name DBGHELP.DLL
Internal name DBGHELP.DLL
File version 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)
Description Windows Image Helper
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-13 09:21:16
Entry Point 0x00002ADA
Number of sections 3
PE sections
PE imports
_CorExeMain
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 5120
ImageVersion 0.0
ProductName Debugging Tools for Windows(R)
FileVersionNumber 6.5.3.7
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 8.0
FileOS Windows NT 32-bit
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)
TimeStamp 2012:03:13 10:21:16+01:00
FileType Win32 EXE
PEType PE32
InternalName DBGHELP.DLL
ProductVersion 6.5.0003.7
FileDescription Windows Image Helper
OSVersion 4.0
OriginalFilename DBGHELP.DLL
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 3072
FileSubtype 0
ProductVersionNumber 6.5.3.7
EntryPoint 0x2ada
ObjectFileType Dynamic link library

File identification
MD5 1a9e6acf61d24e829059f5595edab9bf
SHA1 920090a21b02ca097a98eeec367d813276fc63ef
SHA256 3f5c096136acc066c81b5c15feb96d04bda69d0ff3708ee80b7eb2bed70d4e34
ssdeep 96:dZH4uqlGLZmcAZfgbtgkKSBCGmLW7EszNt:TgGNlAZEFiW4W
File size 6.0 KB ( 6144 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (85.3%)
Win32 Executable Generic (9.9%)
Generic Win/DOS Executable (2.3%)
DOS Executable Generic (2.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
VirusTotal metadata
First submission 2012-03-13 11:34:41 UTC ( 5 years, 6 months ago )
Last submission 2012-06-11 11:02:54 UTC ( 5 years, 3 months ago )
File names 491B56D800718619184700956687940016D1013C.exe
dbghelp.exe
1a9e6acf61d24e829059f5595edab9bf
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight