enformation 1.1-nova.dll

Sailor Project

This potentially unwanted Internet browser extension is built on and distributed through the free Crossrider platform and will deliver advertisements to the web browser in various formats, such as banners, text hyperlinks, inline text and transitional ads. The module enformation 1.1-nova.dll by Sailor Project has been detected as adware by 4 anti-malware scanners. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Sailor Project  (signed and verified)

MD5:
5d00eb5a6968a4abb95159457b2524e1

SHA-1:
0c2c7d67e00959b5c6a63304b7afbc751c0bf8b8

SHA-256:
5e33af0b1a84929bbb6b19827ba1c72898b68a295d84126e8b435cc86efb58f6

Scanner detections:
4 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/27/2024 3:34:50 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14910
ESET NOD32 | probably Win32/Toolbar.CrossRider.AI potentially unwanted application | 8.7.0.302.0
Reason Heuristics | PUP.SailorProject.T | 14.7.29.22

File size:
125.4 KB (128,360 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\enformation 1.1\enformation 1.1-nova.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 8:00:00 PM

Valid to:
7/18/2015 7:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/27/2014 6:03:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:OGYPb6k1WXCkkNTU9fvb0OLOVw72uOkO0I5+2cB5dsWjcdE6VjDhVsZ94PIsW:RYWk1WXCkkNQJaVQI5+fiE6JD84PC

Entry address:
0x6467

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 2A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 8A, 01, 10, E8, DA, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, B2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, B0, 40, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.1200

Developed / compiled with:
Microsoft Visual C++

Code size:
71.5 KB (73,216 bytes)
