cinema-plus-1.2-nova.dll

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the web browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module cinema-plus-1.2-nova.dll by Motoko Group has been detected as adware by 8 anti-malware scanners. The library is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Motoko Group  (signed and verified)

MD5:
1ff172c1f0f9873e16c9ea3e39649575

SHA-1:
6841a9a2f2ed5c644da3de4a076e8a70e636bf8c

SHA-256:
b5d653e99f4dbca74a3f69ceb567a4e7111642301a559ed76545e871744622d9

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/27/2024 2:53:48 AM UTC  (today)

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3373
Baidu Antivirus | Adware.Win32.GoogUpdate | 4.0.3.14915
ESET NOD32 | Win32/Toolbar.CrossRider.AI potentially unwanted application | 7.0.302.0
G Data | Win32.Adware.Crossrider | 14.8.24
IKARUS anti.virus | AdWare.Win32.Crossrider | t3scan.1.7.5.0
Kaspersky | Trojan.NSIS.GoogUpdate | 15.0.0.494
nProtect | Trojan/W32.Agent.126312 | 14.08.22.01
Reason Heuristics | PUP.MotokoGroup.T | 14.8.22.22

File size:
123.4 KB (126,312 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cinema-plus-1.2\cinema-plus-1.2-nova.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 7:00:00 PM

Valid to:
7/18/2015 6:59:59 PM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/22/2014 5:03:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:VxLUUSwIDFEPSkDhgoiZVxuCkV08+iS4cz9ysWjcdS1EG10DYIUWeXv:zDxIEPnVGVj8+NR99S1Ek0DHUWE

Entry address:
0x60C7

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 2A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, A8, 8A, 01, 10, E8, DA, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, B2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 40, 40, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.1039

Developed / compiled with:
Microsoft Visual C++

Code size:
69.5 KB (71,168 bytes)
