» enformation-bho.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

enformation-bho.dll

enformation

Marketing

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module enformation-bho.dll has been detected as adware by 22 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0056508’. This file is typically installed with the program enformation by Robokid Technologies which is a potentially unwanted software program. This is the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, it installs a BHO in the browser in order to manage the functionality of the addon.

File name:

enformation-bho.dll

Publisher:

Marketing

Product:

enformation

Description:

enformation BHO

Version:

1.1.153.21

MD5:

318721a47ce54c6ee3c9381dd36bb336

SHA-1:

364ecc3e1ee81af2a40abf3a26488340b81b2c02

SHA-256:

cf26848b6d685187a218205cdba9a0bc365fd58c80be1fbd5ee2fe23649905d4

Scanner detections:

22 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/26/2024 1:44:05 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.146232

865

Avira AntiVirus

Adware/CrossRider.A.15396

7.11.158.148

avast!

Win32:Adware-gen [Adw]

2014.9-140922

AVG

Generic

2015.0.3343

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14711

Bitdefender

Gen:Variant.Adware.Graftor.146232

1.0.20.1325

Clam AntiVirus

Win.Adware.Agent-7646

0.98/19086

Dr.Web

DLOADER.Trojan

9.0.1.0265

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.146232

8.14.09.22.12

ESET NOD32

Win32/Toolbar.CrossRider.AF potentially unwanted application

7.0.302.0

F-Prot

W32/A-eb9ef301

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.146232

11.2014-22-09_2

G Data

Gen:Variant.Adware.Graftor.146232

14.9.24

IKARUS anti.virus

Gen.AdWare.Plush

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.Enformation.A

v2014.07.11.01

McAfee

Artemis!4EDFBA8B6176

5600.6999

MicroWorld eScan

Gen:Variant.Adware.Graftor.146232

15.0.0.795

Qihoo 360 Security

HEUR/Malware.QVM30.Gen

1.0.0.1015

Reason Heuristics

PUP.Crossrider.Marketing.P

14.7.11.0

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.14709

Sophos

AppRider

4.98

VIPRE Antivirus

Threat.4789396

31088

File size:

594.5 KB (608,768 bytes)

Product version:

1.1.153.21

Original file name:

enformation.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\enformation\enformation-bho.dll

File PE Metadata

Compilation timestamp:

7/9/2014 3:07:25 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:wXbB9miI0asXC33nkIKWvo9U2kuN+DTG7qi7:wLhXCnnbbccIMTl

Entry address:

0x43247

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4A, B3, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 1E, 08, 10, E8, BA, 30, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 00, 94, 08, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 80, 2C, 07, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.5791

Developed / compiled with:

Microsoft Visual C++

Code size:

414.5 KB (424,448 bytes)

Internet Explorer BHO

Display name:

CrossriderApp0056508

CLSID:

{11111111-1111-1111-1111-110511651108}

CLSID name:

enformation

The file enformation-bho.dll has been discovered within the following program.

enformation by Robokid Technologies

enformation is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.

80% remove it

Remove enformation-bho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.