ecbd3552-0d73-4c4d-a226-2fd0d244c0d2.dll

Crossrider Advanced Technologies

This file is part of the Crossrider framework, a web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The module ecbd3552-0d73-4c4d-a226-2fd0d244c0d2.dll by Crossrider Advanced Technologies has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Crossrider Advanced Technologies  (signed and verified)

MD5:
4e481076b4ec28256f770eefa4e1812f

SHA-1:
f67ad6345a0817dc9299b114835436c356bf5687

SHA-256:
9033f4a7c25349b1283f9c3ac21a0cb2ed0499d3300accc24597bf9ce1a22dfa

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 1:38:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossrider.CrossriderAdvancedTechnologies (M)

Engine version:
16.1.31.17

File size:
161.2 KB (165,080 bytes)

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\radio canyon\ecbd3552-0d73-4c4d-a226-2fd0d244c0d2.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/24/2012 7:00:00 AM

Valid to:
9/25/2015 6:59:59 AM

Subject:
CN=Crossrider Advanced Technologies, O=Crossrider Advanced Technologies, STREET=40 Lilienblum St, L=Tel-Aviv, S=Israel, PostalCode=65133, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B9966EA31AF5750F30968D041D15669B

File PE Metadata
Compilation timestamp:
11/6/2014 3:32:48 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:0ztYTJ6ErpgDJjTFCiPF5GGw5sZSvuhI+flN3Mc9IR13g0z:kCrydTIcFrWsZ+uhIe3Ju1pz

Entry address:
0x8C5C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, 3C, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 10, CB, 01, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Code size:
93 KB (95,232 bytes)

The file ecbd3552-0d73-4c4d-a226-2fd0d244c0d2.dll has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
88% remove it
 
Powered by Should I Remove It?
