pingle savebar-bho.dll

Pingle SaveBar

Reddoor media group co.,Ltd

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module pingle savebar-bho.dll, “Pingle SaveBar BHO” by Reddoor media group co.,Ltd, has been detected as adware by 24 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘CrossriderApp0035486’. Instead of using a traditional IE toolbar, the Crossrider platform installs this BHO in the browser to manage the functionality of the add-on.

Publisher:
Reddoor (signed by Reddoor media group co.,Ltd)

Product:
Pingle SaveBar

Description:
Pingle SaveBar BHO

Version:
1.1.153.42

MD5:
a9623fddb4093f83b30021f96668ae82

SHA-1:
c239f1b185e7196e8bb2519fdb6810f74fc4a724

SHA-256:
a329d050ab37e8e0a4526e6e6a94571310ed5bf1d47d599cf77331c266cddf91

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Reddoor media group co.,Ltd.

Analysis date:
4/20/2024 5:08:38 AM UTC

Scan engine             Detection                           Engine version
Lavasoft Ad-Aware       Adware.Generic.611579               1113
AVG                     Generic5                            2015.0.3602
Baidu Antivirus         Adware.Win32.Lyckriks               4.0.3.14118
Bitdefender             Adware.Generic.611579               1.0.20.90
Bkav FE                 W32.Clodd68.Trojan                  1.3.0.4613
Dr.Web                  Trojan.Crossrider.7                 9.0.1.07
Emsisoft Anti-Malware   Adware.Generic.611579               8.14.01.18.02
ESET NOD32              Win32/Toolbar.CrossRider (variant)  8.9079
Fortinet FortiGate      Adware/Lyckriks                     1/18/2014
F-Secure                Adware.Generic.611579               11.2014-18-01_7
G Data                  Adware.Generic.611579               14.1.22
herdProtect             (fuzzy)                             2014.1.26.4
IKARUS anti.virus       not-a-virus:AdWare.Win32.Lyckriks   t3scan.2.2.29
K7 AntiVirus            Riskware                            13.174.10272
Kaspersky               not-a-virus:AdWare.Win32.Lyckriks   14.0.0.4450
Malwarebytes            PUP.Optional.PlusHD.A               v2014.01.18.02
McAfee                  Artemis!2162966379BC                5600.7247
MicroWorld eScan        Adware.Generic.611579               15.0.0.54
Panda Antivirus         Suspicious file                     14.01.18.02
Reason Heuristics       PUP.Crossrider.BHO.S                14.5.9.10
Sophos                  Generic PUA GA                      4.95
Trend Micro House Call  TROJ_GEN.R0C1H07JO13                7.2.18
Vba32 AntiVirus         AdWare.Lyckriks                     3.12.24.3
VIPRE Antivirus         Crossrider                          23588

File size:
588.4 KB (602,520 bytes)

Product version:
1.1.153.42

Copyright:
Copyright 2011

Original file name:
Pingle SaveBar.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\pingle savebar\pingle savebar-bho.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2013 8:00:00 AM

Valid to:
6/13/2014 7:59:59 AM

Subject:
CN="Reddoor media group co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Reddoor media group co.,Ltd", L=Taipei, S=Taipei, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07044F2CDD35722B453856E51ABEFE92

File PE Metadata
Compilation timestamp:
8/12/2013 5:44:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:51SkF27hRMjXzOTPNMs5KbIioB/6c3Y1UozaYBFKGTXL3nHdPlanA:51Sq27hKjXzOTh5KbIioB/6c3Y1U1YBB

Entry address:
0x4836D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AC, B1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 99, AF, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, F8, 4B, 08, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18...
 

Entropy:
6.5688

Code size:
402 KB (411,648 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0035486

CLSID:
{11111111-1111-1111-1111-110311541186}

CLSID name:
Pingle SaveBar

