DBGHELP.DLL

Debugging Tools for Windows

Microsoft Corporation

The file properties name the publisher as 'Microsoft Corporation' and the embedded Authenticode certificate is Microsoft's, yet the library DBGHELP.DLL, "Windows Image Helper", has been detected as malware by 13 of 68 anti-virus scanners. Nearly all of the detections are for Win32/Floxif (also named Pioneer or FloodFix), a file-infecting virus that attaches itself to legitimate Windows executables and DLLs; together with the Microsoft signature this is consistent with a genuine dbghelp.dll that has been infected rather than with a standalone fake. A Microsoft certificate therefore does not make this copy safe: an infected file no longer matches the hash the signature covers, so a copy matching the hashes below should be treated as malicious regardless of what the properties dialog shows, and the signature should be re-verified on the file itself rather than trusted from the version resource.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Debugging Tools for Windows(R)

Description:
Windows Image Helper

Version:
6.8.0004.0 (debuggers(dbg).070515-1751)

MD5:
de8080eeff58bf558cda636444d4b4ed

SHA-1:
214852012d1498a303a293bec8153908a6c628eb

SHA-256:
e1432cb039a72b282dc6b8e5518fcd735d335b6e96fea4dfedad75bc102792a1

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
11/5/2024 3:20:18 PM UTC

Scan engine                    Detection                          Engine version
avast!                         Win32:Pioneer-C                    160414-2
AVG                            Win32/Floxif                       2015.0.4591
Dr.Web                         Win32.FloodFix.7                   9.0.1.05190
Emsisoft Anti-Malware          Win32.Floxif                       11.5.0.6191
ESET NOD32                     Win32/Floxif.H virus               8.0.319.0
F-Prot                         W32/Floxif.B                       4.6.5.141
F-Secure                       Win32.Floxif.A                     5.15.96
Kaspersky                      Virus.Win32.Pioneer                15.0.0.562
McAfee                         Trojan.Dropper-FIY!DE8080EEFF58    18.0.204.0
Microsoft Security Essentials  Threat.Undefined                   1.223.1669.0
Norman                         Win32.Floxif.A                     19.05.2016 01:04:49
Sophos                         Virus 'W32/Floxif-C'               5.23
VIPRE Antivirus                Threat.4760052                     50170

File size:
1.1 MB (1,123,407 bytes)

Product version:
6.8.0004.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
DBGHELP.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\boinc\dbghelp.dll

Digital Signature
Authority:
Microsoft Corporation

Valid from:
6/22/2007 9:56:18 PM

Valid to:
9/22/2008 10:06:18 PM

Subject:
CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6106BFFE000000000014

File PE Metadata
Compilation timestamp:
9/28/2007 3:27:05 AM

OS version:
7.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
24576:6Xm4cpDFmD2aC0jH5yrnXlpWrCSyZC0wLHr298TG00g8EAB4WrEH75R:HpUD2aC0jH5yrXDWRyZlwH29vjDIDR

Entry address:
0x67BC4

Entry point:
E9, C4, 26, FE, FF, 83, 7D, 0C, 01, 75, 05, E8, EE, 15, 00, 00, 5D, E9, 96, FD, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 68, D9, 0E, 03, 75, 02, F3, C3, E9, 5E, 16, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, D4, 11, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, A8, 12, 00, 03, CC, CC, CC, CC, CC, CC, FF, 25, A4, 12, 00, 03, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, A5, C2, D3, E0, C3, 8B, D0, 33, C0, 80, E1, 1F, D3, E2, C3, 33, C0, 33, D2, C3, CC, CC, CC, CC, CC...
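The entry-point bytes and hashes listed above are worth checking programmatically rather than by eye. The script below is an added example, not part of the Reason Core report and not tooling from Microsoft or Reason Core. It hashes a file against the three digests above, walks the PE headers to AddressOfEntryPoint, decodes a leading JMP rel32 and reports which section the jump lands in, and flags the case where the five-byte prologue of a standard MSVC 8 _DllMainCRTStartup stub (8B FF 55 8B EC) has been replaced by such a jump while the remainder of the stub (83 7D 0C 01 75 05 E8 ...) is intact, which is what the listed entry-point bytes show. The build_sample_pe helper fabricates a minimal one-section PE32 carrying those bytes so the script runs offline; the prologue pattern is an assumption about MSVC 8 builds, not something the report states.

```python
import hashlib
import struct

# Indicators copied from the report above (the page's own values).
IOC_HASHES = {
    "md5": "de8080eeff58bf558cda636444d4b4ed",
    "sha1": "214852012d1498a303a293bec8153908a6c628eb",
    "sha256": "e1432cb039a72b282dc6b8e5518fcd735d335b6e96fea4dfedad75bc102792a1",
}
REPORTED_ENTRY_RVA = 0x67BC4
# First 22 bytes listed under "Entry point" in the report.
REPORTED_ENTRY_BYTES = bytes.fromhex("E9C426FEFF837D0C017505E8EE1500005DE996FDFFFF")
# Assumption: the MSVC 8 (VS2005) _DllMainCRTStartup stub is
#   8B FF 55 8B EC           mov edi,edi / push ebp / mov ebp,esp
#   83 7D 0C 01 75 05 E8 ..  cmp [ebp+0Ch],1 / jne / call __CRT_INIT
# so a JMP in the first five bytes followed by this tail means the prologue was overwritten.
MSVC8_DLL_STUB_TAIL = bytes.fromhex("837D0C017505E8")


def hash_digests(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if all three digests equal the ones in the report."""
    digests = hash_digests(data)
    return all(digests[k] == v for k, v in IOC_HASHES.items())


def jmp_target(entry_rva: int, code: bytes):
    """If the entry point begins with JMP rel32 (E9 xx xx xx xx), return the
    RVA it jumps to (next instruction + signed displacement), else None."""
    if len(code) < 5 or code[0] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, 1)[0]
    return (entry_rva + 5 + rel) & 0xFFFFFFFF


def looks_like_patched_msvc_prologue(code: bytes) -> bool:
    return code[:1] == b"\xE9" and code[5:12] == MSVC8_DLL_STUB_TAIL


def parse_pe(data: bytes):
    """Return (AddressOfEntryPoint, sections); each section is
    (name, virtual_address, virtual_size, raw_offset, raw_size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vaddr, vsize, rptr, rsize))
    return entry_rva, sections


def rva_to_offset(sections, rva):
    """Map an RVA to (file offset, section name); (None, None) if unmapped."""
    if rva is None:
        return None, None
    for name, vaddr, vsize, rptr, rsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rptr + (rva - vaddr), name
    return None, None


def analyze(data: bytes) -> dict:
    entry_rva, sections = parse_pe(data)
    off, entry_sec = rva_to_offset(sections, entry_rva)
    code = data[off:off + 16] if off is not None else b""
    target = jmp_target(entry_rva, code)
    _, target_sec = rva_to_offset(sections, target)
    return {
        "hash_match": matches_report(data),
        "entry_rva": entry_rva,
        "entry_section": entry_sec,
        "entry_bytes": code.hex(),
        "jmp_target": target,
        "jmp_target_section": target_sec,
        "patched_prologue": looks_like_patched_msvc_prologue(code),
    }


def build_sample_pe(entry_code: bytes, entry_rva: int,
                    sec_rva: int = 0x4A000, sec_size: int = 0x20000) -> bytes:
    """Constructed stand-in: a minimal PE32 with one .text section whose bytes
    at entry_rva are entry_code. Not a real binary; only for running offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)  # i386, 1 section, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                       # AddressOfEntryPoint
    raw_ptr = 0x200
    sec = (b".text\0\0\0" + struct.pack("<IIII", sec_size, sec_rva, sec_size, raw_ptr)
           + b"\0" * 16)
    header = (dos + b"PE\0\0" + coff + bytes(opt) + sec).ljust(raw_ptr, b"\0")
    body = bytearray(b"\xCC" * sec_size)
    body[entry_rva - sec_rva:entry_rva - sec_rva + len(entry_code)] = entry_code
    return header + bytes(body)


if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_pe(REPORTED_ENTRY_BYTES, REPORTED_ENTRY_RVA))
    for k, v in analyze(data).items():
        print(f"{k:>22}: {hex(v) if isinstance(v, int) and not isinstance(v, bool) else v}")
```

Applied to the reported entry point, the first instruction E9 C4 26 FE FF resolves to RVA 0x67BC4 + 5 - 0x1D93C = 0x4A28D, and the bytes that follow are the tail of the MSVC DLL stub, so the prologue check fires. On a real file run `python check.py path\to\dbghelp.dll`: a hash_match of True identifies this exact sample, and patched_prologue True on a DLL that should carry the plain MSVC stub is reason to quarantine it even if the hashes differ (Floxif variants produce different infected copies of the same host). Pair this with an Authenticode check on the file itself, such as Get-AuthenticodeSignature in PowerShell or signtool verify /pa, since a version resource saying "Microsoft Corporation" proves nothing about whether the signed hash still matches the bytes on disk.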

Entropy:
6.6593

Packer / compiler:
Xtreme-Protector v1.05

Code size:
936 KB (958,464 bytes)

Remove DBGHELP.DLL - Powered by Reason Core Security