
SoftwareBundler:Win32/Dlhelper


First posted on 07 December 2016.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/Dlhelper.

Explanation :

Arrival and Installation

This threat may be downloaded as a disk image file with the filename extension .iso:

If the file is opened, Windows mounts it. The mounted image appears as another drive on your PC, and you are offered an executable file to run:

When the file in the mounted drive is executed, it displays a list of applications that can be bundled with the program being installed:

Clicking Open launches File Explorer, which shows that the program is installed. For example, the following application is installed, but it is an empty file:
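For triage of a downloaded .iso like the one described above, the following added example (not part of the original Microsoft write-up) lists executable-looking files inside an ISO 9660 image by parsing its directory records directly, so the image never has to be mounted or run. The function names, the extension list and the sample image are assumptions constructed for illustration. It reads only the primary volume descriptor, so names stored solely in Joliet or UDF structures are out of scope.

```python
import struct

SECTOR = 2048                                  # ISO 9660 logical sector size
RISKY = (".exe", ".scr", ".com", ".msi", ".bat", ".cmd", ".lnk")  # assumed list

def dir_records(image, lba, size):             # yields (name, is_dir, lba, size)
    pos, end = lba * SECTOR, min(lba * SECTOR + size, len(image) - 33)
    while pos < end:
        rec_len = image[pos]
        if rec_len == 0:                       # padding: records never span sectors
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        ext_lba, ext_size = struct.unpack_from("<I4xI", image, pos + 2)
        name = image[pos + 33:pos + 33 + image[pos + 32]]
        if name not in (b"\x00", b"\x01"):     # skip the "." and ".." entries
            yield name.decode("ascii", "replace"), bool(image[pos + 25] & 2), ext_lba, ext_size
        pos += rec_len

def list_iso_executables(image):               # returns sorted [(path, size), ...]
    pvd = 16 * SECTOR                          # volume descriptors start at sector 16
    while image[pvd + 1:pvd + 6] == b"CD001" and image[pvd] not in (1, 255):
        pvd += SECTOR                          # skip boot/supplementary descriptors
    if image[pvd + 1:pvd + 6] != b"CD001" or image[pvd] != 1:
        raise ValueError("no ISO 9660 primary volume descriptor")
    root = struct.unpack_from("<I4xI", image, pvd + 158)   # root record sits at +156
    hits, stack, seen = [], [("", *root)], {root[0]}
    while stack:
        prefix, lba, size = stack.pop()
        for name, is_dir, ext_lba, ext_size in dir_records(image, lba, size):
            path = prefix + "/" + name.split(";")[0]       # drop ";1" version suffix
            if is_dir and ext_lba not in seen:             # visit each directory once
                seen.add(ext_lba)
                stack.append((path, ext_lba, ext_size))
            elif not is_dir and path.lower().endswith(RISKY):
                hits.append((path, ext_size))
    return sorted(hits)

def rec(name, lba, size, is_dir=False):        # sample helper: one directory record
    n = 33 + len(name)                         # big-endian copies are left zero
    head = struct.pack("<BxI4xI4x7xB6xB", n + n % 2, lba, size, 2 * is_dir, len(name))
    return head + name + b"\0" * (n % 2)       # records are padded to even length

def sample_image():                            # constructed sample, not a real ISO
    root = (rec(b"\0", 18, SECTOR, True) + rec(b"\1", 18, SECTOR, True)
            + rec(b"SETUP.EXE;1", 20, 4096) + rec(b"README.TXT;1", 20, 12)
            + rec(b"EXTRAS", 19, SECTOR, True))
    sub = rec(b"\0", 19, SECTOR, True) + rec(b"\1", 18, SECTOR, True) + rec(b"TOOL.SCR;1", 20, 512)
    pvd = b"\x01CD001".ljust(156, b"\0") + root[:34]
    return b"".join(s.ljust(SECTOR, b"\0") for s in (b"",) * 16 + (pvd, b"", root, sub, b""))
```

On the constructed sample, `list_iso_executables(sample_image())` reports `/EXTRAS/TOOL.SCR` and `/SETUP.EXE` with their recorded sizes and ignores `README.TXT`.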

Payload
Installs malicious or unwanted software

This threat bundles other applications when it is installed. Some of these applications are malware, detected as SoftwareBundler:Win32/Pokavampo.





Analysis by Michael Johnson

Last update 07 December 2016

 
