» browsers apps-bho64.dll
Overview
Analysis
File Details
Programs (1)

browsers apps-bho64.dll

Browsers Apps

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module browsers apps-bho64.dll, “Browsers Apps BHO” by Naruto Source has been detected as adware by 27 anti-malware scanners. This file is typically installed with the program Browsers Apps by Naruto Source which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of app addon. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

app (signed by Naruto Source)

Product:

Browsers Apps

Description:

Browsers Apps BHO

Version:

1000.1000.1000.1000

MD5:

13474113f515e4cc189ba08586ea9ae1

SHA-1:

36fae3a8a90d7a20112561f65ddb27d4196ce6c1

SHA-256:

16eccd56de567c6cb1042b5978c26662c2c064318465d63d4c142b4cab1ad58b

Scanner detections:

27 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:

4/26/2024 10:17:45 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.PDC

6473648

AhnLab V3 Security

Win-PUP/CrossRider

2015.01.29

Avira AntiVirus

Adware/CrossRider.pl

7.11.170.208

avast!

Win32:Crossrider-AA [PUP]

150126-0

AVG

Stampede

2016.0.3216

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.15128

Bitdefender

Adware.Agent.PDC

1.0.20.140

Dr.Web

Trojan.Crossrider.28247

9.0.1.05190

Emsisoft Anti-Malware

Adware.Agent.PDC

9.0.0.4799

ESET NOD32

Win64/Toolbar.Crossrider.J potentially unwanted application

7.0.302.0

Fortinet FortiGate

W32/GoogUpdate.CT!tr

1/28/2015

F-Secure

Adware.Agent.PDC

5.13.68

G Data

Win64.Adware.Crossrider

15.1.24

IKARUS anti.virus

AdWare.Adload

t3scan.1.7.5.0

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

Malwarebytes

PUP.Optional.InfoHD.A

v2015.01.28.11

McAfee

Artemis!963ABC3072E7

5600.6872

MicroWorld eScan

Adware.Agent.PDC

16.0.0.84

nProtect

Adware.Agent.PDC

15.01.28.01

Panda Antivirus

Trj/Chgt.E

15.01.28.11

Qihoo 360 Security

Win32/Virus.Adware.960

1.0.0.1015

Reason Heuristics

Adware.Crossrider.Brightcircle

15.1.28.12

Rising Antivirus

PE:Trojan.Win32.Generic.1735F501!389412097

23.00.65.15126

Sophos

PUA 'AppRider' (of type Adware)

5.10

Trend Micro House Call

Suspicious_GEN.F47V0812

7.2.28

VIPRE Antivirus

Threat.4789396

31208

Zillya! Antivirus

Trojan.GoogUpdate.Win64.28

2.0.0.2048

File size:

703.4 KB (720,232 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Browsers Apps.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\browsers apps\browsers apps-bho64.dll

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/27/2014 7:00:00 PM

Valid to:

7/28/2015 6:59:59 PM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

Registration

CLSIDs:

{11111111-1111-1111-1111-110611171187}, {22222222-2222-2222-2222-220622172287}

ProgIDs:

CrossriderApp0061787.BHO.1, CrossriderApp0061787.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/11/2014 9:02:16 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:9h0Z/RaVTSswCboraabBEPFq3S7WfLjYh1htH+iqcOtuKntWyEeSdSLT29ULBwQ/:b8a0fxtDyddWuQJTId1Efm8AstG49

Entry address:

0x50A3C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AF, CB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, C8, 5A, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2009

Code size:

454.5 KB (465,408 bytes)

The file browsers apps-bho64.dll has been discovered within the following program.

Browsers Apps by Naruto Source

Browsers Apps (Freeven) is an advertising-supported web browser toolbar/extension that will make the following changes to the browser's settings: - Changes the default home page and new tabs and protect these search settings - Changes the default search engine in your Internet Browser, including the browser's built-in search box - Adds an addition of alternative error page functionality, such as “Page Not Found” and DNS errors - Tracks usage behavior.

crossrider.com/install/61787-browsers-app

82% remove it

Remove browsers apps-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.