Newtonsoft.Json.dll

Json.NET

Berserk Group

Part of the Crossrider framework, a web browser extension that will deliver advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Berserk Group. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Berserk Group has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
Newtonsoft  (signed by Berserk Group)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
abb98a0b0d1905d60fd5d3c94aaa2a8a

SHA-1:
ff5d680d04687f7b1e306cba6ab3106bc0b95281

SHA-256:
43b32fa4c894f8c1385e6d14c8a81316e1f3a34e9f2792273f25d18d31839d11

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
6/5/2020 3:07:59 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Crossrider (M)
17.3.8.19

File size:
483.9 KB (495,512 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cinedpv2\newtonsoft.json.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2014 2:00:00 AM

Valid to:
8/15/2015 1:59:59 AM

Subject:
CN=Berserk Group, O=Berserk Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
58761EBCDB730A1C637A95BCB768285A

File PE Metadata
Compilation timestamp:
4/27/2014 5:12:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security