» cinema-plus-1.2-bho64.dll
Overview
Analysis
File Details

cinema-plus-1.2-bho64.dll

Cinema-Plus-1.2

Bright circle investments Ltd.

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The module cinema-plus-1.2-bho64.dll, “Cinema-Plus-1.2 BHO” by Bright circle investments has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Cinema Plus addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Cinema Plus (signed by Bright circle investments Ltd.)

Product:

Cinema-Plus-1.2

Description:

Cinema-Plus-1.2 BHO

Version:

1000.1000.1000.1000

MD5:

5fd35a8b02a5e0add430dffe5c525b3c

SHA-1:

fc1bccbbb18c8b782f15d954371a43763156be0c

SHA-256:

5da1a4fd96bac79e643e4e303afe9eae3b2779c19f9cf86de0ad7546410925c2

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Bright circle investments Ltd..

Analysis date:

4/25/2024 7:21:41 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Crossrider (M)

17.2.26.10

File size:

685.6 KB (702,008 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Cinema-Plus-1.2.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\cinema-plus-1.2\cinema-plus-1.2-bho64.dll

Digital Signature

Signed by:

Bright circle investments Ltd.

Authority:

COMODO CA Limited

Valid from:

6/20/2014 2:00:00 AM

Valid to:

6/21/2015 1:59:59 AM

Subject:

CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4347D0F2AD67F1767C932B3BFBEA7713

File PE Metadata

Compilation timestamp:

7/16/2014 12:06:28 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x4F15C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AF, CB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 28, 41, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Code size:

442.5 KB (453,120 bytes)

Remove cinema-plus-1.2-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.