How to remove help.exe
help.exe
The module help.exe has been detected as Trojan.CoinMiner
File Details
| Product Name: | Helper |
| Company Name: | www.microsoft.com |
| MD5: | e51ff4cb908e78c4ce367b886449c4b7 |
| Size: | 4 MB |
| First Published: | 2020-12-12 18:19:35 (4 years ago) |
| Latest Published: | 2021-10-05 20:24:54 (4 years ago) |
| Status: | Trojan.CoinMiner (on last analysis) | |
| Analysis Date: | 2021-10-05 20:24:54 (4 years ago) |
Common Places:
| %sysdrive% |
| %profile% |
| %desktop% |
Geography:
| 66.7% | ||
| 33.3% |
OS Version:
| Windows Server 2016 | 66.7% | |
| Windows Server 2012 R2 | 33.3% |
Analysis
| Subsystem: | Windows CUI |
| PE Type: | pe |
| OS Bitness: | 64 |
| Image Base: | 0x0000000140000000 |
| Entry Address: | 0x0028778c |
PE Sections:
| Name | Size of data | MD5 |
| .text | 2986496 | d5afcc67a7fbd859095e14769eebc07e |
| .rdata | 864768 | ffe34788a7f0e6a81229bfc20443eea0 |
| .data | 279040 | 895e245d36bbfb2b699c0aa0d54b2372 |
| .pdata | 120832 | f2829dca9e6a1c04432d35568d9a3291 |
| _RANDOMX | 1536 | 24b14be4c31fa8a0a21a7651034f6670 |
| _TEXT_CN | 6656 | 6a7f77e47f77f65bef85036ae5a71106 |
| _TEXT_CN | 4608 | 409bf3f918f2402291cb56c2e9354b47 |
| _RDATA | 512 | 703b1bc1e19ec10794d2a0c374aeea40 |
| .rsrc | 11264 | 515f4bea36588c6adf56fe595889f595 |
| .reloc | 33792 | 528c8636e2bab0b3f7e9e63a272088e6 |
More information:
Download GridinSoft
Anti-Malware - Removal tool for help.exe
