home

pingle savebar-bho64.dll

Pingle SaveBar

Reddoor media group co.,Ltd

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module pingle savebar-bho64.dll, “Pingle SaveBar BHO” by Reddoor media group co.,Ltd has been detected as adware by 8 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0035486’. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Reddoor addon.
Publisher:
Reddoor  (signed by Reddoor media group co.,Ltd)

Product:
Pingle SaveBar

Description:
Pingle SaveBar BHO

Version:
1000.1000.1000.1000

MD5:
dde3aecacde72a0c41b6792242ac3e96

SHA-1:
a980105d775c5a3bf39fa2d32807eabff4cda963

SHA-256:
73eb48bf7c0c878925378718e06aad6c2f30cc1cb22790b9f896327313723038

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Reddoor media group co.,Ltd.

Analysis date:
4/25/2024 2:49:26 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win64/Toolbar.Crossrider.A potentially unwanted application
7.0.302.0

K7 AntiVirus
Trojan
13.177.12080

Malwarebytes
PUP.Optional.PlusHD.A
v2014.07.09.11

McAfee
Artemis!2F343D4CD8C2
5600.7074

Panda Antivirus
PUP/PlusHD
14.07.09.11

Reason Heuristics
PUP.Crossrider.ReddoormediagroupcoLtd.U
14.5.27.6

Trend Micro House Call
TROJ_GEN.F47V0406
7.2.190

VIPRE Antivirus
Threat.4789396
29560

File size:
922.4 KB (944,536 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Pingle SaveBar.dll

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\pingle savebar\pingle savebar-bho64.dll

Digital Signature
Signed by:
Reddoor media group co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/12/2013 8:00:00 AM

Valid to:
6/13/2014 7:59:59 AM

Subject:
CN="Reddoor media group co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Reddoor media group co.,Ltd", L=Taipei, S=Taipei, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07044F2CDD35722B453856E51ABEFE92

Registration
CLSIDs:
{11111111-1111-1111-1111-110311541186}, {22222222-2222-2222-2222-220322542286}

ProgIDs:
CrossriderApp0035486.BHO.1, CrossriderApp0035486.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
8/12/2013 8:56:48 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:OSHCZikk497RGI8M6rf0Nu7PMqY1J2TfXlFpk:Og7qdRV8Rz0NuzZYWTf1nk

Entry address:
0x7AF88

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, BB, C3, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, AA, 13, 06, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44...
 
[+]

Entropy:
6.2350

Code size:
636.5 KB (651,776 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0035486

CLSID:
{11111111-1111-1111-1111-110311541186}

CLSID name:
Pingle SaveBar


Remove pingle savebar-bho64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.