3f5fb20d-067f-4b20-8d9a-95084e70c034.dll

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages that are not affiliated with the extension or the company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The module 3f5fb20d-067f-4b20-8d9a-95084e70c034.dll by Robokid Technologies has been detected as adware by 13 anti-malware scanners. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Robokid Technologies  (signed and verified)

MD5:
2267c205be90f77752568f34a38b15aa

SHA-1:
f43b42f050dc4ff901675a9405ac8bccc7ef384a

SHA-256:
6dc5bafa5cb77e8142a9d7cd263a0400dc290ca24216de564d119a621484aec7

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
4/29/2024 4:43:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.173.16 |
| AVG | Generic | 2015.0.3352 |
| Baidu Antivirus | Adware.NSIS.Adwapper | 4.0.3.141215 |
| Fortinet FortiGate | Adware/Adwapper | 12/15/2014 |
| IKARUS anti.virus | not-a-virus:AdWare.Adwapper | t3scan.1.7.8.0 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2795 |
| McAfee | Artemis!E0C1D3B6559F | 5600.6916 |
| Panda Antivirus | Trj/Chgt.F | 14.12.15.12 |
| Qihoo 360 Security | Win32/Virus.Adware.970 | 1.0.0.1015 |
| Reason Heuristics | PUP.RobokidTechnologies.e | 14.9.13.14 |
| Sophos | AppRider | 4.98 |
| Vba32 AntiVirus | AdWare.Adwapper | 3.12.26.3 |

File size:
140.5 KB (143,896 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\cinedpv2\3f5fb20d-067f-4b20-8d9a-95084e70c034.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
9/13/2014 11:02:40 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:T8z1VYntpHfJoRTtmRR04c0KWfbfgbpbBo7sGX+M8UsWEduxh2S35Lv6R0iC:aytp/JATsRR04yWfbfgwwe+BWh2mLyFC

Entry address:
0x61AC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, 3C, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, C0, B5, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.8972

Code size:
80.5 KB (82,432 bytes)
