Newtonsoft.Json.dll

Json.NET

Hike Zone Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Hike Zone Plus. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Hike Zone Plus has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Newtonsoft  (signed by Hike Zone Plus)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
26a705400e6316d4a84775a63f6f8216

SHA-1:
ea5fe123fe6fcdcebae493b1a70453c8d07e0007

SHA-256:
a1a41f957c6bce26f2699d83287350603acba333cb0bf86a7cf55471a422c4fa

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected. Distributed through the Brightcircle investments brand.

Analysis date:
5/31/2020 6:55:09 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Brightcircle (M)
17.3.15.18

File size:
483.9 KB (495,512 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\hdtubev1.6v24.09\newtonsoft.json.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 9:00:00 PM

Valid to:
8/19/2015 8:59:59 PM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
4/27/2014 12:12:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security