» free video grabber 6.6-nova.dll
Overview
Analysis
File Details

free video grabber 6.6-nova.dll

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The module free video grabber 6.6-nova.dll by Sailor Project has been detected as adware by 3 anti-malware scanners. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Sailor Project (signed and verified)

MD5:

8a89b585cf0daf0c9c6021d3ab88e7d1

SHA-1:

e45b1b5c96396fc692367d058788e19b8db2f792

SHA-256:

036fe1723bb7245bccc84d576a5c0eabd55b1438eb2e7e3882f4ad33ec73d52a

Scanner detections:

3 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:

5/8/2024 4:44:22 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14728

ESET NOD32

probably Win32/Toolbar.CrossRider.AI potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.SailorProject.BB

14.7.28.4

File size:

125.4 KB (128,360 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\free video grabber 6.6\free video grabber 6.6-nova.dll

Digital Signature

Signed by:

Sailor Project

Authority:

COMODO CA Limited

Valid from:

7/18/2014 1:00:00 AM

Valid to:

7/19/2015 12:59:59 AM

Subject:

CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

47C5F145C734CD3D086C0A102176F0A1

File PE Metadata

Compilation timestamp:

7/27/2014 11:03:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

1536:OEPb6k1WXCkkNTU9fvb0OLOVw72uOkO0I5+2cB5dsWjcdE6VjDhVsZ94PI4:7Wk1WXCkkNQJaVQI5+fiE6JD84Ph

Entry address:

0x6467

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 2A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 8A, 01, 10, E8, DA, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, B2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, B0, 40, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.1200

Developed / compiled with:

Microsoft Visual C++

Code size:

71.5 KB (73,216 bytes)

Remove free video grabber 6.6-nova.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.