cinamehdpurev9.5-nova.dll

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the Internet browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module cinamehdpurev9.5-nova.dll by Motoko Group has been detected as adware by 9 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Motoko Group  (signed and verified)

MD5:
c6f06d86d12288ba3e8e53ce765b2eb3

SHA-1:
a86c1771fae99cffbd252400d0cfa80a0b1538b3

SHA-256:
dd6daeea9fec286aee611bb358a72201b50c71e06f3cfbfc399c4bdc7bba22b2

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
5/19/2024 1:51:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3398 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AI potentially unwanted application | 8.7.0.302.0 |
| G Data | Win32.Adware.Crossrider | 14.9.24 |
| herdProtect (fuzzy) | | 2014.9.10.2 |
| IKARUS anti.virus | AdWare.Win32.Crossrider | t3scan.1.7.5.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3487 |
| Reason Heuristics | PUP.MotokoGroup.U | 14.7.29.15 |
| Rising Antivirus | PE:Malware.Bundlore!6.180F | 23.00.65.14727 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
127.4 KB (130,408 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cinamehdpurev9.5\cinamehdpurev9.5-nova.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 7:00:00 AM

Valid to:
7/19/2015 6:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/25/2014 5:03:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:AFWmZTEJURwa2tUY5+35poNN9OjFdS43t:AFFtEJzaVM9N96S49

Entry address:
0x6388

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 77, 39, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C8, 9A, 01, 10, E8, D9, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, C2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 50, 50, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.1270

Developed / compiled with:
Microsoft Visual C++

Code size:
73.5 KB (75,264 bytes)
