home

Newtonsoft.Json.dll

Json.NET

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Naruto Source. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Naruto Source has been detected as adware by 8 anti-malware scanners. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Newtonsoft  (signed by Naruto Source)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
98f652ada0a2ecfd6b2e12e85e0700a2

SHA-1:
3bd70b27927ba55b05303444d0ba1824893c7354

SHA-256:
49533f59cdd61a51af39323bcc6d82116aa0d2ef8d05d3b03129b660826599e3

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected. Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 4:20:59 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/CrossRider.pq
7.11.170.50

AVG
Generic
2015.0.3365

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
14.0.0.3320

nProtect
Trojan/W32.Agent.495464
14.08.31.01

Qihoo 360 Security
Win32/Virus.Adware.970
1.0.0.1015

Reason Heuristics
Common.PUP.NarutoSource.O
14.9.1.1

SUPERAntiSpyware
Trojan.Agent/Gen-MSIL
10387

Vba32 AntiVirus
Trojan.GoogUpdate
3.12.26.3

File size:
483.9 KB (495,464 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\savepass 1.1\newtonsoft.json.dll

Digital Signature
Signed by:
Naruto Source

Authority:
COMODO CA Limited

Valid from:
7/28/2014 5:30:00 AM

Valid to:
7/29/2015 5:29:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
4/27/2014 8:42:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:l14RIXwj5Ga4BztxXRKSPJtvKlJ3EQo5WyscPcD9:lK4JzlvEEQo5WyscPe

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8774

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.