4c73bd4f-13b4-449b-bfa6-cd7dce23663f.dll

Robokid Technologies

This web extension uses the Crossrider framework to load in the web browser and display advertisements on web pages that are not affiliated with the extension or its company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The module 4c73bd4f-13b4-449b-bfa6-cd7dce23663f.dll by Robokid Technologies has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Robokid Technologies  (signed and verified)

MD5:
068880fc6ae47a9f81a757523cfc4795

SHA-1:
4ecaef3a8f624ea7f8258e0931d508fed0ced511

SHA-256:
4b7d5536badcba0dcc662ab6191c0ba61586de1abaea62d0f38cb9bc599d30a7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/29/2020 7:04:27 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Brightcircle (M)

Engine version:
17.3.16.4

File size:
132 KB (135,192 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\plus-hd-v1.1\4c73bd4f-13b4-449b-bfa6-cd7dce23663f.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
8/6/2014 11:11:25 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x5DA0

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 93, 30, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, CC, 99, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.8970

Code size:
74.5 KB (76,288 bytes)
