» radio canyon-bho.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

radio canyon-bho.dll

Aussie Labs (BrightCircle Investments Limited)

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module radio canyon-bho.dll by Aussie Labs (BrightCircle Investments Limited) has been detected as adware by 25 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘71c6c330e74701318a6f0adb73eaa5ae0060804’. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Radio Canyon (signed by Aussie Labs (BrightCircle Investments Limited))

Product:

Radio Canyon

Description:

Radio Canyon BHO

Version:

1000.1000.1000.1000

MD5:

bd686d37df3c7eeb5a99fa8ed5ab5ca5

SHA-1:

57f8d6deb8ab1d66db69eecfbe44a752d84bacb5

SHA-256:

4bb8d673f9dd0b2f540e276e8abac4355ffec1fd1d050f8a318f0c0b6eb8f9fe

Scanner detections:

25 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/26/2024 8:53:48 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.Uy9@keHc6rci

797

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.189.150

AVG

Generic

2015.0.3275

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141130

Bitdefender

Gen:Application.Heur.Uy9@keHc6rci

1.0.20.1670

Comodo Security

ApplicUnwnt

20282

Dr.Web

DLOADER.Trojan

9.0.1.0334

Emsisoft Anti-Malware

Gen:Application.Heur.Uy9@keHc6rci

9.0.0.4570

ESET NOD32

Win32/Toolbar.CrossRider.BA potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Adwapper

12/19/2014

F-Secure

Gen:Application.Heur.Uy9@keHc6rci

11.2014-30-11_1

G Data

Gen:Application.Heur.Uy9@keHc6rci

14.11.24

K7 AntiVirus

Unwanted-Program

13.186.14245

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

Malwarebytes

PUP.Optional.RadioCanyon.A

v2014.11.30.05

McAfee

PUP-FDU

5600.6931

MicroWorld eScan

Gen:Application.Heur.Uy9@keHc6rci

15.0.0.1002

Norman

Gen:Application.Heur.Wy9@kWv17zii

11.20141219

Panda Antivirus

Trj/Genetic.gen

14.11.30.05

Qihoo 360 Security

Win32/Application.e80

1.0.0.1015

Reason Heuristics

PUP.CrossRider.BHO.Q

14.11.30.23

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141128

Sophos

Generic PUA EB

4.98

Trend Micro House Call

Suspicious_GEN.F47V1130

7.2.353

VIPRE Antivirus

Threat.4789396

35224

File size:

750.5 KB (768,472 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Radio Canyon.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\radio canyon\radio canyon-bho.dll

Digital Signature

Signed by:

Aussie Labs (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 4:00:00 AM

Valid to:

11/18/2015 3:59:59 AM

Subject:

CN=Aussie Labs (BrightCircle Investments Limited), O=Aussie Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

685AE12077846353AA542302DA532ABD

File PE Metadata

Compilation timestamp:

11/28/2014 3:04:08 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:Kd5oF6AqnP1yItNlZPGz9rrXc5jI6TAOWZtFmrdGXO:k5o6BntlttP89PstzTA0D

Entry address:

0x61AB4

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 5D, C9, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 20, 54, 0A, 10, E8, ED, 49, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 10, C1, 0A, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 14, 4D, 09, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.5495

Developed / compiled with:

Microsoft Visual C++

Code size:

552 KB (565,248 bytes)

Internet Explorer BHO

Display name:

71c6c330e74701318a6f0adb73eaa5ae0060804

CLSID:

{11111111-1111-1111-1111-110611081104}

CLSID name:

Radio Canyon

The file radio canyon-bho.dll has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove radio canyon-bho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.