7cde12eb-5c18-4ee7-ac5c-d68e3dc7f6b2.dll

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module 7cde12eb-5c18-4ee7-ac5c-d68e3dc7f6b2.dll by Porter Studio Plus has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Porter Studio Plus  (signed and verified)

MD5:
f731f6e36672121bcf9832b1700d7a86

SHA-1:
ddbf16269a96740b9ade1d37b89a09f4120bf1bd

SHA-256:
f4ab7da4726552ada0c97dc1ba998f626dd615df64d488f07bcb066b13f28094

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/19/2024 9:35:36 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.189.70 |
| AVG | Generic | 2015.0.3277 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141128 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | not-a-virus:AdWare.Adwapper | t3scan.1.8.3.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 15.0.0.543 |
| Reason Heuristics | PUP.PorterStudioPlus.e | 14.11.28.2 |
| VIPRE Antivirus | Threat.4150696 | 35088 |

File size:
158.9 KB (162,720 bytes)

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\radio canyon\7cde12eb-5c18-4ee7-ac5c-d68e3dc7f6b2.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 6:00:00 AM

Valid to:
10/21/2015 5:59:59 AM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
10/29/2014 2:33:16 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:b2Ml77MFsmdt4xJ2Th0TBn9TrbgVqrUw6cxHj+G76A6VlnNQ:vMS6UUTqTzDweUw6ej6A4NQ

Entry address:
0x84C0

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 3B, 3E, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, AC, D2, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
5.9981

Code size:
93.5 KB (95,744 bytes)

The file 7cde12eb-5c18-4ee7-ac5c-d68e3dc7f6b2.dll has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
88% remove it
 