Helper.exe

InstallShield

Macrovision Corporation

Publisher:
Macrovision Corporation  (signed and verified)

Product:
InstallShield

Description:
InstallShield .NET Framework 3.5 Redistributable Helper

Version:
14.0.162

MD5:
ad29c3dec8fb0cfdafe8548371b0ee6d

SHA-1:
b923c58d0fdc9c3c9fbed17bd5fb563ebb6a89a7

SHA-256:
2812ce780e6c3bd583d863e2520ac008bec0da3ca4fa8243296f9a00655b2e02

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 5:55:08 AM UTC  (today)

File size:
125.5 KB (128,472 bytes)

Product version:
14.0

Copyright:
Copyright (C) 2007 Macrovision Corporation

Original file name:
Helper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\{609e84bc-fcb1-4a1f-b898-8950750eae39}\helper.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
2/10/2006 5:30:00 AM

Valid to:
2/21/2008 5:29:59 AM

Subject:
CN=Macrovision Corporation, OU=ENGINEERING, O=Macrovision Corporation, L=Schaumburg, S=Illinois, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
036939C475D53C1D70992DB8A87EB7D3

File PE Metadata
Compilation timestamp:
12/13/2007 3:50:47 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:0uUf14cA2EuEgXJLObGoYCvSfNN8kdlMbbnHoDcjm4ELn4T:Cf14cTOACoNNRM3IDcjm9Lne

Entry address:
0xD424

Entry point:
55, 8B, EC, 6A, FF, 68, A8, 62, 41, 00, 68, 58, 15, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, C0, 60, 41, 00, 33, D2, 8A, D4, 89, 15, 78, C6, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 74, C6, 41, 00, C1, E1, 08, 03, CA, 89, 0D, 70, C6, 41, 00, C1, E8, 10, A3, 6C, C6, 41, 00, 33, F6, 56, E8, D7, 12, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, AC, 47, 00, 00, FF, 15, BC, 60, 41, 00, A3, 0C, DC, 41, 00, E8...
 
[+]

Entropy:
5.8786

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
84 KB (86,016 bytes)

The file Helper.exe has been discovered within the following programs.

www.intoxicatestudios.com/index.php/en/projects/afterfall-dirty-arena
About 1% of users remove it
Afterfall InSanity Extended Edition  by Intoxicate Studios
www.afterfall-universe.com
About 6% of users remove it
www.revolution.co.uk/iswordpc.php
About 5% of users remove it
InstallShield 2011 Limited Edition  by Flexera Software, Inc.
Publisher's description - “InstallShield Limited Edition for Visual Studio 2010 provides a small subset of the world-class functionality found in our other InstallShield editions. Many of the features our InstallShield customers love are locked and unavailable in your InstallShield Limited Edition.”
www.installshield.com/installshield/overview
About 4% of users remove it
 
Powered by Should I Remove It?

The file Helper.exe has been seen being distributed by the following 5 URLs.

http://113.171.224.166/.../Helper.exe

http://113.171.224.206/.../Helper.exe

Scan Helper.exe - Powered by Reason Core Security