plus-hd-v1.5-bho64.dll

Bright circle investments Ltd.

This adware uses the Crossrider extension platform. It injects advertisements into the web browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module plus-hd-v1.5-bho64.dll by Bright circle investments has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of using a traditional IE toolbar, Crossrider installs a BHO in the browser to manage the functionality of the Plus-HD-V1.5 add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Plus-HD-V1.5  (signed by Bright circle investments Ltd.)

Product:
Plus-HD-V1.5

Description:
Plus-HD-V1.5 BHO

Version:
1000.1000.1000.1000

MD5:
eacc0000f6e7776688cb72f5de7de00d

SHA-1:
1691e28025152988f92854ef6d2d7c136f9f4e13

SHA-256:
ab437e09a6ba33809628da897cb4e84b3778d8c087ca103b0e05809d25c63ba4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer. Distributed through the Brightcircle investments brand.

Note:
Crossrider owns a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is Bright circle investments Ltd.

Analysis date:
9/18/2020 9:05:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider.Brightcircle (M)

Engine version:
16.4.7.8

File size:
1 MB (1,057,776 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Plus-HD-V1.5.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-v1.5\plus-hd-v1.5-bho64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/18/2014 8:00:00 PM

Valid to:
6/19/2015 7:59:59 PM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF90FEF9AC8E258E5D30D0E08C84D37E

Registration
CLSIDs:
{11111111-1111-1111-1111-110511951162}, {22222222-2222-2222-2222-220522952262}

ProgIDs:
CrossriderApp0059562.BHO.1, CrossriderApp0059562.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/22/2014 6:13:24 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:YU92hllRb40SX1R21pNBlp7NmfTIToc3f5BWA:YUolRbpUmNmfcTocp

Entry address:
0x7B1B4

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, E3, CB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, F8, A8, 07, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2707

Code size:
694 KB (710,656 bytes)
