File Name | zthelper.dll |
File Type |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
Scanner Version | 1.0.217.174 |
Database Version | 2025-05-29 19:00:19 UTC |
No threats detected by our scanner
Hash Type | Value | Action |
---|---|---|
MD5 |
ad3a11e87ae08271265fb4a2cca713df
|
|
SHA1 |
c5d87fd3e78819b85f3c01f9b93c5a5b848aea14
|
|
SHA256 |
40edb187f48d400bc74e2a218254d0eff2c9db68f35d1ae673cacd2eb62e1d92
|
|
SHA512 |
992d26a8011efcd3937826c55784c49533b8a752839ebe56027ea89214f247029d80d6f5d4b9b4ac00b3f0bc296d7cb77e59a71af9a300564f4d92b6062c1bfd
|
|
ImpHash |
296c7304343f1406b3585f52dee4b70d
|
Image Base | 0x180000000 |
Entry Point | 0x1800014a0 |
Compilation Time | 2013-09-24 02:00:04 |
Checksum | 0x00028809 (Actual: 0x00028809) |
OS Version | 10.0 |
PEiD Signatures |
PE32+ executable (DLL) (console) x86-64, for MS Windows
|
PDB Path | zthelper.pdb |
Digital Signature | OK |
Imports | 29 libraries |
Exports | 2 functions |
Resources | 2 Resources |
Sections | 8 Sections |
CompanyName | Microsoft Corporation |
FileDescription | ZTHELPER |
FileVersion | 10.0.26100.4202 (WinBuild.160101.0800) |
InternalName | ZTHELPER.dll |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | ZTHELPER.dll |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.26100.4202 |
Translation | 0x0409 0x04b0 |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
75,704 bytes | 77,824 bytes | 6.22 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
2EDDA976CFC3F0F76FA614BFB8C4B8B8 |
_wpp_sf |
0x00014000 |
7,445 bytes | 8,192 bytes | 5.49 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
4C9F8E3E8AB46D00A1B9F108C9BA1FFC |
fothk |
0x00016000 |
4,096 bytes | 4,096 bytes | 0.02 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
56C30C114FAA0C65FFFCB24D0F771D6D |
.rdata |
0x00017000 |
23,098 bytes | 24,576 bytes | 4.51 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
3FA4A8CEEF6404B810BB5A939F5B690A |
.data |
0x0001d000 |
3,152 bytes | 4,096 bytes | 0.35 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
6E8738BC79B02283DC659F95DF7658EA |
.pdata |
0x0001e000 |
3,540 bytes | 4,096 bytes | 4.51 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
E280C3861FFCAF22E945A95FD22AACE9 |
.rsrc |
0x0001f000 |
1,280 bytes | 4,096 bytes | 1.30 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
B83F2AA0A4AB39897F2417CC7A86240C |
.reloc |
0x00020000 |
668 bytes | 4,096 bytes | 1.33 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
C2C798D62955E8BDA1B286B696910045 |
Resource Type | Count | Total Size | Percentage |
---|---|---|---|
MUI | 1 | 200 bytes | |
RT_VERSION | 1 | 904 bytes |
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
OK
Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:
Download Anti-MalwareThis file appears clean, but regular security maintenance is important