myradioplayer64.dll

myradioplayer.dll

myradioplayer

This is part of the Sendori web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module myradioplayer64.dll by myradioplayer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed as a Winsock Layered Service Provider (LSP) layered chain entry named “myradioplayer over [MSAFD Tcpip [TCP/IP]]”.
Publisher:
myradioplayer  (signed and verified)

Product:
myradioplayer.dll

Version:
2.2.9.10

MD5:
81def8c20874f2bcd4f30949410f2a91

SHA-1:
7884001a4e2ba70df2f5917799b0df526015f875

SHA-256:
86c1a9e4a3d300d490ed64bb97e232a711e29a7229a505f4f1cd3c01642315f1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/12/2024 3:43:22 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.myradioplayer.P

Engine version:
14.12.18.11

File size:
453.2 KB (464,120 bytes)

Product version:
2.2.9.10

File type:
Dynamic link library (Win64 DLL)

Language:
Language Neutral

Common path:
C:\Windows\System32\myradioplayer64.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/14/2014 8:00:00 PM

Valid to:
8/14/2017 7:59:59 PM

Subject:
CN=myradioplayer, O=myradioplayer, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
42911589C907180DE25AE153A05008F6

File PE Metadata
Compilation timestamp:
8/29/2014 10:30:19 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:XDh/q0K+1fyJL5HPCEa6rpMEpjkALUT0nGPzajfhx1TSauqha++0c:X1PNyJHa6BFieGLif/a++H

Entry address:
0x37B94

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 2F, 8A, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 48, 83, EC, 28, 48, 8B, 0D, E1, 3F, 03, 00, E8, F8, 1D, 00, 00, 48, 85, C0, 74, 02, FF, D0, B9, 19, 00, 00, 00, E8, 63, 8B, 00, 00, BA, 01, 00, 00, 00, 33, C9, E8, 3B, 8B, 00, 00, 48, 83, C4, 28, E9, 8E, 8A, 00, 00, CC, CC, 48, 89, 54, 24, 10, 4C, 89, 44...
 

Entropy:
6.2460

Code size:
311.5 KB (318,976 bytes)

Winsock2 LSP
Name:
myradioplayer over [MSAFD Tcpip [TCP/IP]]

Type:
Layered Chain Entry

Provider ID:
{F2607C08-DDE4-4171-A8DE-EC743D1971C4}

Service flags:
0x66

