Color My Facebook.dll

Color My Facebook

Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module Color My Facebook.dll, “Color My Facebook BHO” by Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘CrossriderApp0003847’. This file is typically installed with the program Color My Facebook by Duval, which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Duval (signed by Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com)

Product:
Color My Facebook

Description:
Color My Facebook BHO

Version:
1.1.153.215

MD5:
fb2d2ec61f8cf1b850bfeeb09e8bec14

SHA-1:
3c9ac2422496a751117d82a63a2446b39e0cb20c

SHA-256:
e1b2dc4b417670dcbf6f05a77d0f6663f01d2b02c3ad730e40127dcff70566aa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 2:09:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Browser.Crossrider.BHO.Meta (M)

Engine version:
15.6.18.22

File size:
715.6 KB (732,760 bytes)

Product version:
1.1.153.215

Copyright:
Copyright 2011

Original file name:
Color My Facebook.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\color my facebook\color my facebook.dll

Digital Signature
Authority:
Apple Inc.

Valid from:
7/16/2012 1:25:00 AM

Valid to:
7/16/2013 1:25:00 AM

Subject:
C=FR, CN=Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com, OID.0.9.2342.19200300.100.1.1=3MV9W8EA58

Issuer:
CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US

Serial number:
24A43EE61F285A43

Registration
CLSIDs:
{11111111-1111-1111-1111-110011381147}, {22222222-2222-2222-2222-220022382247}

ProgIDs:
CrossriderApp0003847.BHO.1, CrossriderApp0003847.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/19/2013 5:02:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:4HYWNHiwKHH6QGWF1wXIJ1/Ey3qT3lIASGIs8Z5rh:4HY2CwKHaQGK13XEdT3lTSGIVPh

Entry address:
0x4931D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BC, B1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, A2, B7, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, C0, 2F, 0A, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18...

Entropy:
6.6131

Code size:
508 KB (520,192 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0003847

CLSID:
{11111111-1111-1111-1111-110011381147}

CLSID name:
Color My Facebook


The file Color My Facebook.dll has been discovered within the following program.

Color My Facebook by Duval
Publisher's description - “No more blue on Facebook! Choose your favorite color and see result instantly on your Facebook pages. Over 2,500,000 people downloaded Color My Facebook, the most popular and beautiful Facebook color changer! Are you?”
colormyfacebook.com
64% remove it