hdpurev9.5-bho.dll

HDPureV9.5

Evangelion Group

This potentially unwanted Internet browser extension is built on and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banners, text hyperlinks, inline text and transitional ads. The module hdpurev9.5-bho.dll by Evangelion Group has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer: instead of using a traditional IE toolbar, the add-on installs a BHO in the browser to manage its functionality. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
HDPure  (signed by Evangelion Group)

Product:
HDPureV9.5

Description:
HDPureV9.5 BHO

Version:
1.1.153.25

MD5:
756a5a788680107e5e8ab83eb9e91e9f

SHA-1:
b02c8f748088bf7a68386f7266c1fcb5da8d085c

SHA-256:
45d025bde6ff0a4d2ba9f14307d57bba21ebb49a1dbd77a9911ec3f3e38ee0ec

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Evangelion Group.

Analysis date:
5/29/2020 6:02:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
17.3.9.21

File size:
524.4 KB (536,944 bytes)

Product version:
1.1.153.25

Copyright:
Copyright 2011

Original file name:
HDPureV9.5.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\hdpurev9.5\hdpurev9.5-bho.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/27/2014 9:00:00 PM

Valid to:
7/28/2015 8:59:59 PM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

Registration
CLSID:
{22222222-2222-2222-2222-220622172278}

ProgID:
CrossriderApp0061778.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
8/13/2014 7:07:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x3B207

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4A, B3, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 20, 19, 07, 10, E8, BA, 30, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 68, 82, 07, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 70, 2A, 06, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
352.5 KB (360,960 bytes)
