» Newtonsoft.Json.dll
Overview
Analysis
File Details

Newtonsoft.Json.dll

Json.NET

SqueakyChocolate

Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by SqueakyChocolate. The library Newtonsoft.Json.dll, “Json.NET .NET 2.0” by SqueakyChocolate has been known to be a potentially unwanted program that has been detected by 1 anti-malware scanner. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is also typically executed from the user's temporary directory.

File name:

Newtonsoft.Json.dll

Publisher:

Newtonsoft (signed by SqueakyChocolate)

Product:

Json.NET

Description:

Json.NET .NET 2.0

Version:

4.5.11.15520

MD5:

4f19c9eea3dd1f123139f487833c585f

SHA-1:

54768aba050099320bb990d4c17eafb4a33356dd

SHA-256:

fbff25e84044eccd444763e73556406006efdcca1aa67b2bd474b99225565f04

Scanner detections:

1 / 68

Status:

Inconclusive but possibly unwanted (It is part of a common redistributable library)

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 10:05:16 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Common.PartOf.PUP.installCore.SqueakyChocolate (M)

16.2.11.16

File size:

402.4 KB (412,040 bytes)

Product version:

4.5.11.15520

Original file name:

Newtonsoft.Json.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\newtonsoft.json.dll

Digital Signature

Signed by:

SqueakyChocolate

Authority:

COMODO CA Limited

Valid from:

2/20/2012 1:00:00 AM

Valid to:

2/20/2015 12:59:59 AM

Subject:

CN=SqueakyChocolate, O=SqueakyChocolate, STREET=12902 Dorathea Terrace, L=Poway, S=CA, PostalCode=92064, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B696A8829DC1E0486236AF86C6DC0B70

File PE Metadata

Compilation timestamp:

11/20/2012 10:45:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:WirJ6jtXlvw1YRsWQv8MAOX54Vhsu27v1GmBhmLIPr0tqKx5g6e2Mbf8:WA6VlI1E/+kx2zd/QoKL3e2ML8

Entry address:

0x6478E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

394 KB (403,456 bytes)

Scan Newtonsoft.Json.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.