Home / malware

PDF

SoftwareBundler:Win32/Dlhelper

First posted on 07 December 2016.
Source: Microsoft

Aliases :

There are no other names known for SoftwareBundler:Win32/Dlhelper.

Explanation :

Arrival and Installation

This threat may be downloaded as a disk image file with the filename extension .iso:

If the file is opened, Windows mounts the file. It would appear that you have another drive in your PC and you are offered to run an executable file:

When the file in the mounted drive is executed, it displays a list of applications that can be bundled with the program being installed:

Clicking Open launches File Explorer, which shows that the program is installed. For example, the following application is installed, but it is an empty file:

Payload
Installs malicious or unwanted software

This threat bundles other applications when it is installed. Some of these applications are malware, which are detected as SoftwareBundler:Win32/Pokavampo.





Analysis by Michael Johnson

Last update 07 December 2016

 

TOP