SetupHelper is ranked as malicious

Progress® Telerik® Fiddler™ Classic Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Under Review

Last Updated: 21 Nov 2017 01:43 by Imported User

Imported User

Created on: 20 Nov 2017 05:59

Type: Feature Request

SetupHelper is ranked as malicious

I was reading a malware report (https://www.joesandbox.com/analysis/32668/0/pdf) on the Fiddler Installer "[Sep-15-17] v4.6.20173.38786" and two things grabbed my attention. First SetupHelper is classified as malicious (Eric says (https://groups.google.com/forum/#!topic/httpfiddler/qJk2MRP_AKI) that may be because it's missing the .exe extension) and second the mscorsvw process writes to an unknown file the contents MEOW followed by some indecipherable data.

1 comment

Eric

Posted on: 20 Nov 2017 06:00

I suspect the MEOW thing is even more of a red herring.

In COM (https://en.wikipedia.org/wiki/Component_Object_Model) and DCOM (https://en.wikipedia.org/wiki/Distributed_Component_Object_Model) marshalled interfaces, called OBJREFs (https://en.wikipedia.org/wiki/OBJREF) , always start with the byte sequence "MEOW" (4D 45 4F 57).