SF Helper [af1c3268e6084f7b#300#] exe PUP SaveFrom File Malware Analysis: cb7540975a2d1643707fa30760b36c7b

SF-Helper-[af1c3268e6084f7b#300#].exe PUP SaveFrom Analysis

Updated 10 months ago

Checked by Malware Check

SF-Helper-[af1c3268e6084f7b#300#].exe

Hash Type	Value	Action
MD5	cb7540975a2d1643707fa30760b36c7b
SHA1	5ae5cd61058dd0979e2c898bda1b07d26d041f3f
SHA256	9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf
SHA512	730d22fcf5228f7c03eb757d786e7bceebf362f63bec6d2a1c3307675bca87af580bbd0b0002f7a1cdc559928137d5e58512d90a29023b8aeb22cac2ba1d8717
ImpHash	56a78d55f3f7af51443e58e0ce2fb5f6

Hash Type

Value

Action

MD5

cb7540975a2d1643707fa30760b36c7b

SHA1

5ae5cd61058dd0979e2c898bda1b07d26d041f3f

SHA256

9c44660a837beaed12beb9cb626ee2886910adefe044f269240a1e2db1ee6dbf

SHA512

730d22fcf5228f7c03eb757d786e7bceebf362f63bec6d2a1c3307675bca87af580bbd0b0002f7a1cdc559928137d5e58512d90a29023b8aeb22cac2ba1d8717

ImpHash

56a78d55f3f7af51443e58e0ce2fb5f6

PE Analysis

Basic Information

▼

Icon	Hash: 03f9c8194485bf976021359f9ee8d688 Fuzzy: af112d42f98d2aeb96ed01dc769e7529 dHash: 0f2b23172b178e0f
Image Base	`0x00400000`
Entry Point	`0x0040352d`
Compilation Time	2021-09-25 21:57:46
Checksum	0x00050b65 (Actual: 0x00050b65)
OS Version	4.0
PEiD Signatures	`PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive`
Digital Signature	OK
Imports	7 libraries ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports	0 functions
Resources	15 Resources
Sections	5 Sections

Version Information

▼

Comments	2023-06-08-0932
CompanyName	32/05 team
FileDescription	SaveFrom.net Helper Installer
FileVersion	1.7.0.1
InternalName	SaveFrom.net Helper Installer
LegalCopyright	© 2023, 32/05 team. All rights reserved.
LegalTrademarks
OriginalFilename	sf-helper-default-installer.exe
PrivateBuild	No private build info.
ProductName	SaveFrom.net Helper Installer
ProductVersion	1.7.0.1
SpecialBuild	No special build info.
Translation	0x0409 0x04b0

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	26,775 bytes	27,136 bytes	6.46 (Normal)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`CE9DF19DF15AA7BFBC0A8D0AF0B841D0`
`.rdata`	`0x00008000`	5,286 bytes	5,632 bytes	5.02 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`A118375C929D970903C1204233B7583D`
`.data`	`0x0000a000`	176,152 bytes	1,536 bytes	4.15 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`82A10C59A8679BB952FC8316070B8A6C`
`.ndata`	`0x00036000`	266,240 bytes	0 bytes	0.00 (Normal)	`IMAGE_SCN_CNT_UNINITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`D41D8CD98F00B204E9800998ECF8427E`
`.rsrc`	`0x00077000`	119,424 bytes	119,808 bytes	5.07 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`C5583D5115262D7F3FD94BF4D4989997`

Resource Analysis

▼

Total Resources: 15 (118,512 bytes)

Resource Type	Count	Total Size	Percentage
RT_BITMAP	1	1,638 bytes	1.4%
RT_ICON	6	113,121 bytes	95.5%
RT_DIALOG	5	1,460 bytes	1.2%
RT_GROUP_ICON	1	90 bytes	0.1%
RT_VERSION	1	1,144 bytes	1%
RT_MANIFEST	1	1,059 bytes	0.9%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

File Name	SF-Helper-[af1c3268e6084f7b#300#].exe
File Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Scanner Version	1.0.186.174
Database Version	2024-09-05 04:00:22 UTC

SF-Helper-[af1c3268e6084f7b#300#].exe PUP SaveFrom Analysis

Technical Analysis

PUP.Win32.SaveFrom.dd!c

Scan Another File

File Identification

PE Analysis

Basic Information

Version Information

PE Sections

Resource Analysis

Certificate Chain Analysis

No Digital Signatures

Security Implications:

Certificate Verification Status

PUP.Win32.SaveFrom.dd!c Removal

Removal Instructions

Leave a Comment

Gridinsoft Anti-Malware