» b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll
Overview
Analysis
File Details
Programs (1)

b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll by Berta Brid Eco has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Berta Brid Eco (signed and verified)

MD5:

1622c0aefe25845a6f4b617c710b9e45

SHA-1:

64c51521f9426616c83d81dfc1df7e743026c6c0

SHA-256:

17901de6724f2667235e0685993bb3d00c25e6e42da4bb73edc70b33f43e6319

Scanner detections:

8 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 5:16:09 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pq

7.11.175.32

AVG

Berta

2015.0.3337

G Data

Win32.Adware.Crossrider

14.9.24

K7 AntiVirus

Unwanted-Program

13.183.13504

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3170

Panda Antivirus

Trj/Genetic.gen

14.09.29.11

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

Reason Heuristics

PUP.BertaBridEco.e

14.9.29.11

File size:

118.4 KB (121,240 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\radio canyon\b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll

Digital Signature

Signed by:

Berta Brid Eco

Authority:

COMODO CA Limited

Valid from:

8/14/2014 4:00:00 AM

Valid to:

8/15/2015 3:59:59 AM

Subject:

CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata

Compilation timestamp:

9/25/2014 11:34:22 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:Cc94gF8rzFskfjyAaXF0+DkOk+m0o+8c7WnsWjcdk9LiDs3/c2:e48NsIj6FY7Z+lWIILiDs3/t

Entry address:

0x4E27

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 2A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 7A, 01, 10, E8, DA, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, A2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 20, 30, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.0569

Developed / compiled with:

Microsoft Visual C++

Code size:

64.5 KB (66,048 bytes)

The file b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove b091f5a8-3bbb-42b7-9ce5-f05d09a60a7a.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.