f0c5c4f2-2d3c-448d-a859-c3b2517717bf.dll

Crossrider Advanced Technologies

This file is part of the Crossrider framework, a web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The module f0c5c4f2-2d3c-448d-a859-c3b2517717bf.dll by Crossrider Advanced Technologies has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Crossrider Advanced Technologies  (signed and verified)

MD5:
5dd1ad31add4065719c4df4723fc768b

SHA-1:
b7e7ed960dc80bb746e92f268cc9efa7d722af3d

SHA-256:
d83285a70bd290d6b6baea08e46194f65b47173eff0f5aad6fe5936edb77398f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 2:05:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossrider.CrossriderAdvancedTechnologies (M)

Engine version:
16.2.3.2

File size:
135.2 KB (138,456 bytes)

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\radio canyon\f0c5c4f2-2d3c-448d-a859-c3b2517717bf.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/24/2012 7:00:00 AM

Valid to:
9/25/2015 6:59:59 AM

Subject:
CN=Crossrider Advanced Technologies, O=Crossrider Advanced Technologies, STREET=40 Lilienblum St, L=Tel-Aviv, S=Israel, PostalCode=65133, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B9966EA31AF5750F30968D041D15669B

File PE Metadata
Compilation timestamp:
10/31/2014 3:34:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:J9T6SIyWp7TAoL4LZhg+oGAt9SGwSkoUgd+C0cBSsWjcdm7mp2oJvVsm:T7IyWp7TDiXg19SHC+Om7mp2yv1

Entry address:
0x6F1C

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AA, 2D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, AA, 01, 10, E8, E5, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, D2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E0, 5F, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
77 KB (78,848 bytes)

The file f0c5c4f2-2d3c-448d-a859-c3b2517717bf.dll has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third-party installers and download managers.
88% remove it