home

Newtonsoft.Json.dll

Json.NET

Hike Zone Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Hike Zone Plus. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Hike Zone Plus has been detected as adware by 5 anti-malware scanners. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Newtonsoft  (signed by Hike Zone Plus)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
69f325bb05c565f70904d7e017bdb8cb

SHA-1:
15724bda1c83df3b89c5a1ea867bf897844e07af

SHA-256:
0f211b0d8dbbfc90114ed704f2021aaed48892fde8477071e1ee1712d1e44d50

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/20/2024 3:25:23 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Crossrider-Z [PUP]
151004-0

Dr.Web
Trojan.Crossrider1.25873
9.0.1.05190

ESET NOD32
Win32/Toolbar.CrossRider.BG potentially unwanted application
7.0.302.0

Reason Heuristics
Common.PUP.HikeZonePlus.O
14.9.20.20

VIPRE Antivirus
Threat.4150696
45208

File size:
483.9 KB (495,512 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\cinema-shopt1.3v20.09\newtonsoft.json.dll

Digital Signature
Signed by:
Hike Zone Plus

Authority:
COMODO CA Limited

Valid from:
8/19/2014 1:00:00 AM

Valid to:
8/20/2015 12:59:59 AM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
4/27/2014 4:12:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:L14RIXwj5Ga4BztxXRKSPJtvKlJ3EQo5WyscPcDb:LK4JzlvEEQo5WyscPc

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8777

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.