SHA256: e82e6558d7be1e8b262fb59951d8aaa2be89034453cfbaa14c5bf274a0a32c71
File name: iehelper1
Detection ratio: 43 / 58
Analysis date: 2016-09-26 12:50:09 UTC ( 2 years ago )
Antivirus Result Update
Ad-Aware Gen:Trojan.Heur.VP2.jm0@a49iqKhi 20160926
AegisLab Troj.Downloader.W32.VB.hxw!c 20160926
AhnLab-V3 Downloader/Win32.VB.N29004020 20160926
Antiy-AVL Trojan[Downloader]/Win32.VB 20160926
Arcabit Trojan.Heur.VP2.E2A124 20160926
Avast Win32:Malware-gen 20160926
AVG Downloader.Generic9.ATYT 20160926
Avira (no cloud) TR/Dldr.VB.hxw.2 20160926
AVware Trojan.Win32.Generic!BT 20160926
BitDefender Gen:Trojan.Heur.VP2.jm0@a49iqKhi 20160926
ClamAV Win.Downloader.89199-1 20160926
CMC Trojan-Downloader.Win32.VB!O 20160921
Comodo TrojWare.Win32.TrojanDownloader.VB.hxw 20160926
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Cyren W32/Risk.OLQD-4293 20160926
DrWeb Trojan.DownLoad.54717 20160926
Emsisoft Gen:Trojan.Heur.VP2.jm0@a49iqKhi (B) 20160926
ESET-NOD32 Win32/VB.NIP 20160926
F-Prot W32/MalwareS.SCH 20160926
F-Secure Gen:Trojan.Heur.VP2.jm0@a49iqKhi 20160926
Fortinet W32/VB.HXW!tr.dldr 20160926
GData Gen:Trojan.Heur.VP2.jm0@a49iqKhi 20160926
Ikarus Trojan-Downloader.Win32.VB.dog 20160926
K7AntiVirus Backdoor ( 04c4d3891 ) 20160926
K7GW Backdoor ( 04c4d3891 ) 20160926
Kaspersky Trojan-Downloader.Win32.VB.hyxa 20160926
McAfee RDN/Generic Downloader.x 20160923
McAfee-GW-Edition BehavesLike.Win32.Autorun.cm 20160926
eScan Gen:Trojan.Heur.VP2.jm0@a49iqKhi 20160926
NANO-Antivirus Trojan.Win32.VB.damvu 20160926
Panda Generic Malware 20160925
Qihoo-360 Win32/Trojan.Downloader.e9b 20160926
Rising Trojan.Generic-tZYPyucSuJL (cloud) 20160926
Sophos AV Mal/Generic-S 20160926
Tencent Win32.Trojan-Downloader.Vb.cwnm 20160926
TheHacker Trojan/Downloader.VB.hxw 20160926
TrendMicro TROJ_DLOADE.AVK 20160926
TrendMicro-HouseCall TROJ_DLOADE.AVK 20160926
VBA32 OScope.Trojan.VB.01224 20160923
VIPRE Trojan.Win32.Generic!BT 20160926
ViRobot Trojan.Win32.Downloader.159744.BU[h] 20160926
Yandex Trojan.DL.VB!7iyQVDZe0/I 20160925
Zillya Downloader.VB.Win32.12411 20160924
Alibaba 20160926
ALYac 20160926
Baidu 20160926
Bkav 20160926
CAT-QuickHeal 20160926
Sophos ML 20160917
Jiangmin 20160926
Kingsoft 20160926
Malwarebytes 20160926
Microsoft 20160926
nProtect 20160926
SUPERAntiSpyware 20160926
Symantec 20160926
TotalDefense 20160920
Zoner 20160926
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Product IEHelp
Original name iehelper1.exe
Internal name iehelper1
File version 1.00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2008-06-27 15:16:18
Entry Point 0x00003734
Number of sections 3
PE sections
PE imports
Number of PE resources by type
RT_ICON 6
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 6.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode English (U.S.)
FileFlagsMask 0x0000
CharacterSet Unicode
InitializedDataSize 24576
EntryPoint 0x3734
OriginalFileName iehelper1.exe
MIMEType application/octet-stream
FileVersion 1.0
TimeStamp 2008:06:27 16:16:18+01:00
FileType Win32 EXE
PEType PE32
InternalName iehelper1
ProductVersion 1.0
SubsystemVersion 4.0
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName IEHelp
ProductName IEHelp
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c4c65eb3cae94754dda825adf5864935
SHA1 fff70371286e19789a28a33639dcfb42ab74b99b
SHA256 e82e6558d7be1e8b262fb59951d8aaa2be89034453cfbaa14c5bf274a0a32c71
ssdeep 3072:KgHb9wXJSBnLy+ig/tsI99ZlmkTofm15pL+:77CJyy+i6tpnlmkTofm15F+

authentihash 1f44fa85e5502241fe33916ea0574d56f8f1a243cf2f8e71556f9848cff2043c
imphash 2bca3a01278bebd27ff0afbbafe3bae7
File size 156.0 KB ( 159744 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (69.4%)
Win64 Executable (generic) (23.3%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.6%)
DOS Executable Generic (1.6%)
Tags peexe

VirusTotal metadata
First submission 2010-02-15 20:39:23 UTC ( 8 years, 8 months ago )
Last submission 2012-09-18 19:17:06 UTC ( 6 years, 1 month ago )
File names wcU4Dw_nu.chm
aa
iehelper1
iehelper.exe
c4c65eb3cae94754dda825adf5864935.exe
C4C65EB3CAE94754DDA825ADF5864935.bin
iehelper1.exe
c4c65eb3cae94754dda825adf5864935
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
