home

steamwebhelper.exe

Steam Client WebHelper

Valve Corporation

The executable steamwebhelper.exe has been detected as malware by 6 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘steamwebhelper’. While running, it connects to the Internet address dev.ucoz.net on port 80 using the HTTP protocol.
Publisher:
Valve Corporation

Product:
Steam Client WebHelper

Version:
3.0.0.01

MD5:
b230f1c37738ce3d5f8ba8091c6d7498

SHA-1:
95c5469549dfd599c24a4b9c8804541ce85ee4de

SHA-256:
548277dffd05153a25ad3bc019e92082ffb50279d1727c841ebd1c2fc5a6b389

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
11/5/2024 10:02:54 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160917-0

Clam AntiVirus
Win.Trojan.Agent-1220596
0.98/23189

Dr.Web
Trojan.DownLoader11.28860
9.0.1.05190

ESET NOD32
MSIL/PSW.Steam.DL trojan
6.3.12010.0

Kaspersky
Constructor.MSIL.Agent
15.0.2.529

Microsoft Security Essentials
Trojan:MSIL/Stimilini.J
1.237.956.0

File size:
273.5 KB (280,022 bytes)

Product version:
3.0.0.01

Copyright:
Copyright (C) 2014 Valve Corporation

Original file name:
steamwebhelper.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\steamwebhelper2\steamwebhelper.exe

File PE Metadata
Compilation timestamp:
8/22/2014 4:12:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x2F2CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6092

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
181 KB (185,344 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
steamwebhelper

Command:
C:\users\{user}\appdata\roaming\steamwebhelper2\steamwebhelper.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to dev.ucoz.net  (195.216.243.114:80)

Remove steamwebhelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.