hdvid-codec v9.0-bho64.dll

HDvid-Codec V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The module hdvid-codec v9.0-bho64.dll, “HDvid-Codec V9.0 BHO” by CoolMirage, has been detected as adware by 32 anti-malware scanners. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd., which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of using a traditional IE toolbar, Crossrider installs a BHO in the browser to manage the functionality of the installdaddy add-on.
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
HDvid-Codec V9.0

Description:
HDvid-Codec V9.0 BHO

Version:
1000.1000.1000.1000

MD5:
b31d722667262a2cf2f4df0df6eb2ad3

SHA-1:
11c9feafd807f145e03f6ffe74c9a8b5ed440357

SHA-256:
1b7c48c345c18a551bd8cf962acf2c5433e915bff771d950c53c8f92ee0e5f48

Scanner detections:
32 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Note:
Crossrider owns a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is CoolMirage Ltd.

Analysis date:
4/26/2024 3:45:00 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.1230439 | 354 |
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.04.29 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 3.6.1.96 |
| avast! | Win32:Crossrider-AK [PUP] | 2014.9-160215 |
| AVG | Crossrider | 2017.0.2832 |
| Baidu Antivirus | Adware.Win64.CrossAd | 4.0.3.16215 |
| Bitdefender | Adware.Generic.1230439 | 1.0.20.230 |
| Bkav FE | W64.HfsAdware | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 18714 |
| Dr.Web | Adware.Toolbar.232 | 9.0.1.046 |
| Emsisoft Anti-Malware | Adware.Generic.1230439 | 8.16.02.15.05 |
| ESET NOD32 | Win64/Toolbar.Crossrider.F potentially unwanted (variant) | 10.11548 |
| Fortinet FortiGate | Adware/Adload | 2/15/2016 |
| F-Secure | Adware.Generic.1230439 | 11.2016-15-02_2 |
| G Data | Adware.Generic.1230439 | 16.2.25 |
| IKARUS anti.virus | PUA.CrossRider | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12553 |
| Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 14.0.0.656 |
| Malwarebytes | PUP.Optional.HDvidCodec.A | v2016.02.15.05 |
| McAfee | RDN/Generic PUP.z!gh | 5600.6488 |
| MicroWorld eScan | Adware.Generic.1230439 | 17.0.0.138 |
| Panda Antivirus | Trj/Chgt.A | 16.02.15.05 |
| Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015 |
| Quick Heal | AdWare.AdLoad.r7 (Not a Virus) | 2.16.14.00 |
| Reason Heuristics | Adware.Crossrider.CoolMirage (M) | 16.2.15.17 |
| Rising Antivirus | PE:Malware.CrossRider!6.2278 | 23.00.65.16213 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.R08NC0EDM15 | 7.2.46 |
| Trend Micro | TROJ_GEN.R08NC0EDM15 | 10.465.15 |
| Vba32 AntiVirus | AdWare.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 39762 |

File size:
767.4 KB (785,792 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HDvid-Codec V9.0.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\hdvid-codec v9.0\hdvid-codec v9.0-bho64.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 2:00:00 AM

Valid to:
6/7/2014 1:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

Registration
CLSIDs:
{11111111-1111-1111-1111-110511131156}, {22222222-2222-2222-2222-220522132256}

ProgID:
CrossriderApp0051356.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/9/2014 12:05:37 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:U46o9kzzj6eTIsXic9JqOWumJTUiI+3L4GRmP5:U4R9Qj6PsX59fWhTg+3L4GQh

Entry address:
0x583B8

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, DB, CA, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 6C, DB, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2247

Code size:
500.5 KB (512,512 bytes)

The file hdvid-codec v9.0-bho64.dll has been discovered within the following program.

HDvid-Codec V9.0  by CoolMirage Ltd.
HDVidCodec is an adware (advertising-supported) web browser application designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
www.coolmirage.com
80% remove it
 
Powered by Should I Remove It?
