plus-hd-9.5-bho.dll

Plus-HD-9.5

Kimahri Software inc.

This adware is built and distributed on the Crossrider platform as a web browser advertising-injection extension. Once installed in the browser, it hijacks various browser settings (homepage, search) and may interfere with and track browsing behavior as well as deliver ads. The module plus-hd-9.5-bho.dll by Kimahri Software inc has been detected as adware by 32 anti-malware scanners. It is the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer: instead of using a traditional IE toolbar, the add-on installs a BHO in the browser to manage its functionality. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Plus HD (signed by Kimahri Software inc.)

Product:
Plus-HD-9.5

Description:
Plus-HD-9.5 BHO

Version:
1.1.153.94

MD5:
de99367ea456dd182ce15e5b61eb396e

SHA-1:
a681cdba47ea3a281e043f6c333f8e52c9c72bea

SHA-256:
6c262a2a972ed384dfc2cd7cc7e08bf24057332c2256c4721e94e692b5e806cf

Scanner detections:
32 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider owns a platform that lets developers create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is Kimahri Software inc.

Analysis date:
4/16/2024 7:45:13 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.Hy9@muT@Z5ni | 6460213 |
| Agnitum Outpost | PUA.CrossRider | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.01.28 |
| Avira AntiVirus | Adware/CrossRider.A.5196 | 7.11.151.186 |
| avast! | Win32:Crossrider-F [PUP] | 150101-1 |
| AVG | MultiBundle.R | 2016.0.3216 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15127 |
| Bitdefender | Gen:Adware.Plush.1 | 1.0.20.135 |
| Clam AntiVirus | Win.Adware.Plush-40 | 0.98/19983 |
| Comodo Security | Application.Win32.MultiPlug.BHO | 20864 |
| Emsisoft Anti-Malware | Gen:Application.Heur.Hy9@muT@Z5ni | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AF potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 1/27/2015 |
| F-Prot | W32/A-ee826839 | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Application.Heur.Hy9@muT@Z5ni | 5.13.68 |
| G Data | Gen:Adware.Plush | 15.1.24 |
| IKARUS anti.virus | Gen.AdWare.Plush | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.192.14772 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 15.0.0.543 |
| Malwarebytes | PUP.Optional.PlusHD.A | v2015.01.27.12 |
| McAfee | Artemis!01682A178E81 | 5600.6872 |
| MicroWorld eScan | Gen:Adware.Plush.1 | 16.0.0.81 |
| NANO AntiVirus | Riskware.Win32.CrossRider.dbkvao | 0.28.0.60475 |
| Norman | Gen:Application.Heur.Hy9@kuT@Z5ni | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/PlusHD | 15.01.27.12 |
| Qihoo 360 Security | Win32/Virus.Adware.e88 | 1.0.0.1015 |
| Reason Heuristics | Adware.Crossrider.Brightcircle | 15.1.27.12 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15125 |
| Sophos | PUA 'AppRider' (of type Adware) | 5.10 |
| Trend Micro House Call | TROJ_GEN.F47V0413 | 7.2.27 |
| VIPRE Antivirus | Crossrider | 29664 |
| Zillya! Antivirus | Adware.CroRi.Win32.421 | 2.0.0.2047 |

File size:
530.4 KB (543,080 bytes)

Product version:
1.1.153.94

Copyright:
Copyright 2011

Original file name:
Plus-HD-9.5.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-9.5\plus-hd-9.5-bho.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/7/2013 1:00:00 AM

Valid to:
3/7/2016 12:59:59 AM

Subject:
CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata
Compilation timestamp:
5/23/2014 6:45:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:FhtIGMuGJFw7rTEW9hGI5qF5uVwCfR5ThoI5R+45o:FfEFw7rTEW9hGI5O5uTTTT/fC

Entry address:
0x3A738

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BC, B2, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C0, 29, 07, 10, E8, B9, 46, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A8, 97, 07, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D8, 3D, 06, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
357 KB (365,568 bytes)