bc87ed42-fc4b-4e96-a57c-205e7b900c72.dll

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyperlinks, inline text and transitional ads. The module bc87ed42-fc4b-4e96-a57c-205e7b900c72.dll by Evangelion Group has been detected as adware by 8 anti-malware scanners. While the file utilizes the Crossrider cross-browser extension framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Evangelion Group  (signed and verified)

MD5:
14718d2720c7dddfb6214fe75cd3ad2a

SHA-1:
5a9cc6a1e0e2a7f59454147299ba8e6d9d2e52c5

SHA-256:
f266eaa55ba6c5e4d78f4ab6f51959a4241f4e0c39d7dc43d0918098742f8422

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 8:09:12 PM UTC

Scan engine          Detection                  Engine version
Avira AntiVirus      Adware/CrossRider.pq       7.11.171.88
avast!               Win32:Crossrider-M [PUP]   140813-1
AVG                  Generic                    2015.0.3358
IKARUS anti.virus    AdWare.CrossRider          t3scan.1.7.5.0
Kaspersky            Trojan.NSIS.GoogUpdate     15.0.0.494
Panda Antivirus      Trj/Chgt.E                 14.10.01.12
Qihoo 360 Security   Win32/Virus.Adware.970     1.0.0.1015
Reason Heuristics    PUP.EvangelionGroup.e      14.9.8.3

File size:
142.9 KB (146,288 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\v-9.1hd\bc87ed42-fc4b-4e96-a57c-205e7b900c72.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/28/2014 10:00:00 AM

Valid to:
7/29/2015 9:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
9/7/2014 8:02:42 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:xs99wqZhXLJsTxSrPTZGEHG5hsj/M/+r4tDnKLYrM+M:uUqZVL2TQr70Hsjo/aYvM

Entry address:
0x642C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 9F, 3C, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 40, B3, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...

Entropy:
5.9525

Code size:
81 KB (82,944 bytes)
