SHA256: 975ae113a768b3157271ef5119871b913bce85a3d8594b8daaf3189021c36e17
File name: IEHelper
Detection ratio: 20 / 63
Analysis date: 2019-02-19 07:15:24 UTC ( 4 weeks ago )
Antivirus Result Update
AhnLab-V3 Win-PUP/SearchSuite 20190219
Alibaba Toolbar:Win32/SearchSuite.2f827d81 20180921
CAT-QuickHeal Trojan.BandooPMF.S203154 20190218
Cylance Unsafe 20190219
DrWeb Adware.BGuard.71 20190219
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Toolbar.SearchSuite potentially unwanted 20190219
GData Win32.Application.Agent.DB2T03 20190219
Sophos ML heuristic 20181128
K7AntiVirus Adware ( 004b95bd1 ) 20190219
K7GW Adware ( 004b95bd1 ) 20190219
Kaspersky not-a-virus:WebToolbar.Win32.SearchSuite.aia 20190219
Malwarebytes PUP.Optional.Bandoo 20190219
NANO-Antivirus Riskware.Win32.SearchSuite.ersqjo 20190219
Rising PUF.SearchSuite!8.127 (CLOUD) 20190219
Sophos AV SearchSuite (PUA) 20190219
SUPERAntiSpyware PUP.Bandoo/Variant 20190213
VBA32 BScope.Adware.BGuard 20190218
Yandex PUA.Toolbar! 20190215
ZoneAlarm by Check Point not-a-virus:WebToolbar.Win32.SearchSuite.aia 20190219
Acronis 20190213
Ad-Aware 20190219
AegisLab 20190219
ALYac 20190219
Antiy-AVL 20190219
Arcabit 20190219
Avast 20190219
Avast-Mobile 20190218
AVG 20190219
Avira (no cloud) 20190219
Babable 20180918
Baidu 20190215
BitDefender 20190219
ClamAV 20190218
CMC 20190218
Comodo 20190219
CrowdStrike Falcon (ML) 20181023
Cybereason 20190109
Cyren 20190219
eGambit 20190219
Emsisoft 20190219
F-Secure 20190218
Fortinet 20190219
Ikarus 20190218
Jiangmin 20190219
Kingsoft 20190219
MAX 20190219
McAfee 20190219
McAfee-GW-Edition 20190219
Microsoft 20190219
eScan 20190219
Palo Alto Networks (Known Signatures) 20190219
Panda 20190218
Qihoo-360 20190219
SentinelOne (Static ML) 20190203
Symantec 20190219
Symantec Mobile Insight 20190207
TACHYON 20190219
Tencent 20190219
TheHacker 20190217
TotalDefense 20190219
Trapmine 20190123
Trustlook 20190219
ViRobot 20190219
Webroot 20190219
Zoner 20190218
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2005 - 2011

Product IEHelper Module
Original name IEBHO.dll
Internal name IEHelper
Description IEHelper
Signature verification Signed file, verified signature
Signing date 11:21 AM 9/2/2012
Signers
[+] Bandoo Media, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Code Signing CA - G2
Valid from 12:00 AM 02/24/2011
Valid to 11:59 PM 02/23/2013
Valid usage Code Signing, 1.3.6.1.4.1.311.2.1.22
Algorithm sha1RSA
Thumbprint D443AA7FB01D50A53FF93DD4BB4D0FCF0192037A
Serial number 2C 1E 0D FD 52 07 FC BA 62 25 F6 AE 61 58 70 68
[+] Thawte Code Signing CA - G2
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Serial number 47 97 4D 78 73 A5 BC AB 0D 2F B3 70 19 2F CE 5E
[+] thawte
Status Valid
Issuer thawte Primary Root CA
Valid from 12:00 AM 11/17/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 91C6D6EE3E8AC86384E548C299295C756C817B81
Serial number 34 4E D5 57 20 D5 ED EC 49 F4 2F CE 37 DB 2B 6D
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status This certificate or one of the certificates in the certificate chain is not time valid. The revocation status of the certificate or one of the certificates in the certificate chain is unknown. Error 65536 (0x10000). The revocation status of the certificate or one of the certificates in the certificate chain is either offline or stale.
Issuer VeriSign Time Stamping Services CA
Valid from 12:00 AM 05/01/2012
Valid to 11:59 PM 12/31/2012
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/04/2003
Valid to 11:59 PM 12/03/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-09-02 11:15:24
Entry Point 0x0000EFB0
Number of sections 6
PE sections
Overlays
MD5 acadeb2fd0b8c803fc49da69127c55db
File type data
Offset 1178112
Size 7096
Entropy 7.32
PE imports
GetDeviceCaps
DeleteDC
SelectObject
CreateDCW
GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
GetStdHandle
ReleaseMutex
InterlockedPopEntrySList
CreateWaitableTimerA
SetEvent
HeapDestroy
EncodePointer
GetFileAttributesW
lstrcmpW
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
MapViewOfFileEx
OpenFileMappingA
FreeEnvironmentStringsW
GetThreadContext
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
AddVectoredExceptionHandler
GetOEMCP
LocalFree
ResumeThread
SetWaitableTimer
InterlockedPushEntrySList
CreateEventW
LoadResource
GlobalHandle
TlsGetValue
FormatMessageA
QueueUserWorkItem
SetLastError
DeviceIoControl
InterlockedDecrement
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetModuleFileNameA
LoadLibraryA
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FlushInstructionCache
CreateMutexA
GetModuleHandleA
CreateSemaphoreA
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
ExitThread
DecodePointer
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetDateFormatA
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CompareStringW
WriteFile
RemoveDirectoryW
ResetEvent
CreateFileMappingA
IsValidLocale
DuplicateHandle
WaitForMultipleObjects
GlobalLock
GetTimeZoneInformation
CreateFileW
CreateEventA
GetFileType
TlsSetValue
ExitProcess
RemoveVectoredExceptionHandler
LeaveCriticalSection
GetLastError
InitializeCriticalSection
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
FindResourceW
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
SizeofResource
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
HeapSize
GetCommandLineA
InterlockedCompareExchange
GetCurrentThread
SuspendThread
RaiseException
ReleaseSemaphore
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsBadStringPtrW
IsValidCodePage
UnmapViewOfFile
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
OpenEventA
VirtualAlloc
GetTimeFormatA
SetFocus
RegisterWindowMessageW
IsWindowUnicode
GetClassInfoExW
ReleaseDC
EndDialog
BeginPaint
SetClassLongW
GetFocus
DefWindowProcW
CreateAcceleratorTableW
UnhookWindowsHookEx
DestroyAcceleratorTable
GetMessageW
ScreenToClient
ShowWindow
SetWindowPos
GetParent
GetWindowThreadProcessId
PostThreadMessageW
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
DispatchMessageA
EndPaint
CallNextHookEx
UnregisterClassA
SetCapture
ReleaseCapture
EnumChildWindows
SendDlgItemMessageW
CreateWindowExW
GetWindow
PostMessageW
GetSysColor
SendMessageW
CheckDlgButton
GetDC
GetKeyState
GetAsyncKeyState
MapDialogRect
RegisterClassExW
PrintWindow
RedrawWindow
TranslateMessage
FindWindowExW
MoveWindow
EnumWindows
SetWindowTextW
GetDlgItem
CallWindowProcW
ClientToScreen
InvalidateRect
MsgWaitForMultipleObjectsEx
GetClientRect
GetClassNameW
DialogBoxIndirectParamW
FillRect
IsDlgButtonChecked
SetWindowContextHelpId
GetWindowTextW
GetDesktopWindow
SetWindowsHookExW
LoadCursorW
GetWindowTextLengthW
DispatchMessageW
GetWindowLongW
GetMessageA
InvalidateRgn
CharNextW
IsChild
DestroyWindow
ImageNtHeader
RtlCreateUserThread
ZwClose
NtAllocateVirtualMemory
NtQueryInformationProcess
NtFreeVirtualMemory
PE exports
Number of PE resources by type
RT_STRING 2
REGISTRY 2
TYPELIB 1
RT_DIALOG 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 5
RUSSIAN 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
IEHelper

ImageFileCharacteristics
Executable, 32-bit, DLL

CharacterSet
Unicode

InitializedDataSize
434176

EntryPoint
0xefb0

OriginalFileName
IEBHO.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 2005 - 2011

TimeStamp
2012:09:02 11:15:24+00:00

FileType
Win32 DLL

PEType
PE32

InternalName
IEHelper

SubsystemVersion
5.1

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Bandoo Media, inc

CodeSize
754688

ProductName
IEHelper Module

ProductVersionNumber
1.0.0.1

FileTypeExtension
dll

ObjectFileType
Dynamic link library

File identification
MD5 683f04dcc2f8a299732c1e532b4f1c33
SHA1 23d2353c524021f8ab247785fa9ec968ab9de357
SHA256 975ae113a768b3157271ef5119871b913bce85a3d8594b8daaf3189021c36e17
ssdeep
24576:BCF0Pyf0GrCMScnp7mJ/Yk7aSRBqL4r2Cw3t9HQtbZZWa:wFy2m2FQBrrm3t9HQtbZca

authentihash 05da2f3135039341b094421c63f8da7caaef74b9cbc484c2de1a786f51b00c14
imphash 38c31c9cfac0043fc5bab17ac5ba2a0b
File size 1.1 MB ( 1185208 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID DirectShow filter (56.5%)
Windows ActiveX control (32.7%)
Win64 Executable (generic) (7.7%)
Win32 Executable (generic) (1.2%)
OS/2 Executable (generic) (0.5%)
Tags
pedll signed overlay

VirusTotal metadata
First submission 2012-09-02 16:01:01 UTC ( 6 years, 6 months ago )
Last submission 2018-05-20 17:47:35 UTC ( 10 months ago )
File names del_IEBHO_10.dll
IEHelper
IEBHO.dll
iebho.dll
iebho.dll
IEBHO.dll
F40D69AEB87271C7158C12A90FD7AE00A9BD37C8.dll
vti-rescan
iebho.dll
iebho.dll
iebho.dll
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight