» Newtonsoft.Json.dll
Overview
Analysis
File Details

Newtonsoft.Json.dll

Json.NET

SqueakyChocolate

Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by SqueakyChocolate. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by SqueakyChocolate has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself. It is also typically executed from the user's temporary directory.

File name:

Newtonsoft.Json.dll

Publisher:

Newtonsoft (signed by SqueakyChocolate)

Product:

Json.NET

Description:

Json.NET .NET 2.0

Version:

4.5.11.15520

MD5:

8b7b0d747febefa9a3160a7d31da9add

SHA-1:

f5952577e79731d41609067917888dfe1d926d79

SHA-256:

ae033cd847300e5fe658b279dfc7f70746482240ca2966da3bc510270991ad53

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:

4/26/2024 10:08:44 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.installCore (M)

16.11.7.20

File size:

402.4 KB (412,040 bytes)

Product version:

4.5.11.15520

Original file name:

Newtonsoft.Json.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\newtonsoft.json.dll

Digital Signature

Signed by:

SqueakyChocolate

Authority:

COMODO CA Limited

Valid from:

2/20/2012 12:00:00 AM

Valid to:

2/19/2015 11:59:59 PM

Subject:

CN=SqueakyChocolate, O=SqueakyChocolate, STREET=12902 Dorathea Terrace, L=Poway, S=CA, PostalCode=92064, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B696A8829DC1E0486236AF86C6DC0B70

File PE Metadata

Compilation timestamp:

11/20/2012 9:45:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:oirJ6jtXlvw1YRsWQv8MAOX54Vhsu27v1GmBhmLIPr0tqKx5g6e2Mbf4:oA6VlI1E/+kx2zd/QoKL3e2ML4

Entry address:

0x6478E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

394 KB (403,456 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.