» power app-bho64.dll
Overview
Analysis
File Details
Programs (1)

power app-bho64.dll

power app

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module power app-bho64.dll by Naruto Source has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program power app by Naruto Source which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Object Browser addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

power app-bho64.dll

Publisher:

Object Browser (signed by Naruto Source)

Product:

power app

Description:

power app BHO

Version:

1000.1000.1000.1000

MD5:

3a47644f671f687b16181e1d0e3e0e14

SHA-1:

ff48d0017bf71c87aaf4a95612ab78b75494d8d2

SHA-256:

e215bd3a1e149e4c21e93928008c470b3ff63ea0a29c1947301b47d00e0907df

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:

4/23/2024 8:34:01 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pq

7.11.173.116

AVG

Generic

2015.0.3346

ESET NOD32

Win64/Toolbar.Crossrider (variant)

8.10443

herdProtect (fuzzy)

variant of thehdvid-codec v10-bho64.dll (Adware)

2014.11.30.20

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3225

Malwarebytes

PUP.Optional.PowerApp.A

v2014.09.19.10

Reason Heuristics

PUP.Crossrider.NarutoSource.P

14.9.19.21

VIPRE Antivirus

Crossrider

33264

File size:

826.9 KB (846,696 bytes)

Product version:

1000.1000.1000.1000

Original file name:

power app.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\power app\power app-bho64.dll

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/27/2014 8:00:00 PM

Valid to:

7/28/2015 7:59:59 PM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

Registration

CLSIDs:

{11111111-1111-1111-1111-110611341139}, {22222222-2222-2222-2222-220622342239}

ProgIDs:

CrossriderApp0063439.BHO.1, CrossriderApp0063439.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

9/13/2014 6:02:55 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:3OxQ8Op5ZhHCEQqynAE6I7XLsUkvwgLXTvBI9wNM/Os:e8p5PHRynAJI8UkRbTAOs

Entry address:

0x60288

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EB, CB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 8C, 22, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2573

Code size:

546.5 KB (559,616 bytes)

The file power app-bho64.dll has been discovered within the following program.

power app by Naruto Source

power app is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.

crossrider.com/install/63439-power-app

79% remove it

Remove power app-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.