» mplayerplus_01-bho64.dll
Overview
Analysis
File Details
Programs (1)

mplayerplus_01-bho64.dll

MPlayerplus_01

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The module mplayerplus_01-bho64.dll, “MPlayerplus_01 BHO” by Kimahri Software inc has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program MPlayerplus_01 by Kimahri Software inc. which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Freeven addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Freeven (signed by Kimahri Software inc.)

Product:

MPlayerplus_01

Description:

MPlayerplus_01 BHO

Version:

1000.1000.1000.1000

MD5:

a39845d40ff4bb4a28bb07065ce7625d

SHA-1:

095216c02487e5e7a2268604fd33aca2abbfd7a9

SHA-256:

fb99f8848db399603132bdb21d28f7208f2b25337477ed3f08721b72e1d87c0e

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Kimahri Software inc..

Analysis date:

4/26/2024 8:16:59 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.168.126

avast!

Win32:Crossrider-F [PUP]

140813-1

Baidu Antivirus

Adware.Win64.Crossrider

4.0.3.14821

ESET NOD32

Win64/Toolbar.Crossrider.F potentially unwanted application

7.0.302.0

IKARUS anti.virus

PUA.CrossRider

t3scan.1.7.5.0

Malwarebytes

PUP.Optional.MPlayerplus.A

v2014.08.21.01

Panda Antivirus

PUP/PlusHD

14.08.21.01

Reason Heuristics

PUP.Crossrider.KimahriSoftwareinc.U

14.8.21.12

VIPRE Antivirus

Threat.4789396

32210

File size:

715.4 KB (732,520 bytes)

Product version:

1000.1000.1000.1000

Original file name:

MPlayerplus_01.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\mplayerplus_01\mplayerplus_01-bho64.dll

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

COMODO CA Limited

Valid from:

3/6/2013 4:00:00 PM

Valid to:

3/6/2016 3:59:59 PM

Subject:

CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A1BB8569950C0B2080A11A0E2F618B33

Registration

CLSIDs:

{11111111-1111-1111-1111-110511421146}, {22222222-2222-2222-2222-220522422246}

ProgIDs:

CrossriderApp0054246.BHO.1, CrossriderApp0054246.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

5/16/2014 10:08:57 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:P2rkts9JUh0Dk6p//r2kVOvOmr4HCwOrg3mFgjir6ElmpXpReVSGS9k8GRYKVWnB:8CdkVJfagCXXsu1octE31eTqiF/lLhlM

Entry address:

0x4F9C4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, DF, CA, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 80, 90, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2189

Code size:

461.5 KB (472,576 bytes)

The file mplayerplus_01-bho64.dll has been discovered within the following program.

MPlayerplus_01 by Kimahri Software inc.

This adware injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.

85% remove it

Remove mplayerplus_01-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.