home

Newtonsoft.Json.dll

Json.NET

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Evangelion Group. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Evangelion Group has been detected as adware by 14 anti-malware scanners. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Newtonsoft  (signed by Evangelion Group)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
08921df673fd739fe3b01639a79956ce

SHA-1:
916c510da7fbd772e907bfd746d39ba1ffe15f6a

SHA-256:
9ef5f9c40f7a758e29b8556bc36337d66ab5fe7fe3d1d8915b4267ed178abca2

Scanner detections:
14 / 68

Status:
Adware

Explanation:
This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
4/26/2024 10:29:10 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Crossrider-M [PUP]
2014.9-141126

AVG
Generic
2015.0.3278

Baidu Antivirus
Trojan.Win32.GoogUpdate
4.0.3.141126

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.7.5.0

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.2887

McAfee
Artemis!08921DF673FD
5600.6934

nProtect
Trojan/W32.Agent.495472
14.08.21.01

Panda Antivirus
Trj/Chgt.B
14.11.26.02

Qihoo 360 Security
Win32/Trojan.921
1.0.0.1015

Reason Heuristics
Common.PUP.EvangelionGroup.O
14.11.26.14

Rising Antivirus
PE:Trojan.Win32.Generic.172B869F!388728479
23.00.65.141124

SUPERAntiSpyware
Trojan.Agent/Gen-MSIL
10214

Trend Micro House Call
Suspicious_GEN.F47V0814
7.2.330

Vba32 AntiVirus
TScope.Trojan.MSIL
3.12.26.3

File size:
483.9 KB (495,472 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\cinema-plus-1.2c\newtonsoft.json.dll

Digital Signature
Signed by:
Evangelion Group

Authority:
COMODO CA Limited

Valid from:
7/27/2014 6:00:00 PM

Valid to:
7/28/2015 5:59:59 PM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
4/26/2014 9:12:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:s14RIXwj5Ga4BztxXRKSPJtvKlJ3EQo5WyscPcDhr:sK4JzlvEEQo5WyscPK

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8775

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.