» cinplus-2.5cdtube hdv23.10-bho64.dll
Overview
Analysis
File Details

cinplus-2.5cdtube hdv23.10-bho64.dll

CinPlus-2.5cdTube HDV23.10

Radon Battery Technologies

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module cinplus-2.5cdtube hdv23.10-bho64.dll, “CinPlus-2.5cdTube HDV23.10 BHO” by Radon Battery Technologies has been detected as adware by 11 anti-malware scanners. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of CinHD Tube PlusV23.10 addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

CinHD Tube PlusV23.10 (signed by Radon Battery Technologies)

Product:

CinPlus-2.5cdTube HDV23.10

Description:

CinPlus-2.5cdTube HDV23.10 BHO

Version:

1000.1000.1000.1000

MD5:

2b3ee980c41cb480b8b9ac7a0a4fa58a

SHA-1:

335b8b2c90fe8b11b1547bd03188082ec4d7494c

SHA-256:

5cab4719600fe2bd9ab44873500613647a2f80bee7767c6eec2db41a31b7774e

Scanner detections:

11 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Radon Battery Technologies.

Analysis date:

4/25/2024 1:22:23 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

8.3.2.2

avast!

Win32:Crossrider-AI [PUP]

2014.9-150916

Dr.Web

Trojan.Crossrider1.25393

9.0.1.0259

Emsisoft Anti-Malware

Adware.Generic.1101221

8.15.09.16.12

ESET NOD32

Win64/Toolbar.Crossrider (variant)

8.10613

F-Secure

Adware.Generic.1101221

11.2015-16-09_4

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.1417

Malwarebytes

PUP.Optional.CinemaPlus.A

v2014.10.24.06

Norman

GoogUpdate.CERT

11.20150916

Reason Heuristics

PUP.Crossrider.RadonBatteryTechnologies.EE

14.11.3.21

VIPRE Antivirus

Threat.4789396

33706

File size:

705.4 KB (722,352 bytes)

Product version:

1000.1000.1000.1000

Original file name:

CinPlus-2.5cdTube HDV23.10.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\cinplus-2.5cdtube hdv23.10\cinplus-2.5cdtube hdv23.10-bho64.dll

Digital Signature

Signed by:

Radon Battery Technologies

Authority:

COMODO CA Limited

Valid from:

10/19/2014 7:00:00 PM

Valid to:

10/20/2015 6:59:59 PM

Subject:

CN=Radon Battery Technologies, O=Radon Battery Technologies, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

7F9B9C37CAD6BBBD3FC6054F3D4FC97A

Registration

CLSIDs:

{11111111-1111-1111-1111-110611321185}, {22222222-2222-2222-2222-220622322285}

ProgIDs:

edccb4a004ec01329fbb0fbe6070a3f60063285.BHO.1, edccb4a004ec01329fbb0fbe6070a3f60063285.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

10/23/2014 2:38:00 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:rmN1BqmDFPJwBxPjvDVe7DTvP+1VNGrF5JHB:rmN1NJ2LDVMTn+1VA5Jh

Entry address:

0x51588

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 43, C9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, BC, 4E, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2078

Code size:

455 KB (465,920 bytes)

Remove cinplus-2.5cdtube hdv23.10-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.