» radio canyon-bho64.dll
Overview
Analysis
File Details
Programs (1)

radio canyon-bho64.dll

Porter Studio Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module radio canyon-bho64.dll by Porter Studio Plus has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Radio Canyon addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Radio Canyon (signed by Porter Studio Plus)

Product:

Radio Canyon

Description:

Radio Canyon BHO

Version:

1000.1000.1000.1000

MD5:

2a9f8f322ee75f1aaf3fadc63ce184d5

SHA-1:

a5283534a894789f2aa620dc0f29bba28563c262

SHA-256:

ffc95962f7956f1c3efa00b72b24d16c59bb85aa6a4ae2ea3b39993189b2d5fe

Scanner detections:

14 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:

4/23/2024 10:53:41 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.182.186

avast!

Win32:Crossrider-AI [PUP]

2014.9-141128

AVG

Generic

2015.0.3277

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.141128

ESET NOD32

Win64/Toolbar.Crossrider.J potentially unwanted application

7.0.302.0

Kaspersky

Trojan.NSIS.GoogUpdate

15.0.0.543

Malwarebytes

PUP.Optional.RadioCanyon.A

v2014.11.28.02

McAfee

CrossRider-FSV

5600.6933

Panda Antivirus

Trj/Chgt.J

14.11.28.02

Qihoo 360 Security

Win32/Virus.Adware.de5

1.0.0.1015

Reason Heuristics

PUP.Crossrider.PorterStudioPlus.S

14.11.28.2

Trend Micro House Call

TROJ_GEN.R0C1C0OK614

7.2.332

Trend Micro

TROJ_GEN.R0C1C0OK614

10.465.28

VIPRE Antivirus

Threat.4789396

34232

File size:

827.9 KB (847,776 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Radio Canyon.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\radio canyon\radio canyon-bho64.dll

Digital Signature

Signed by:

Porter Studio Plus

Authority:

COMODO CA Limited

Valid from:

10/20/2014 6:00:00 AM

Valid to:

10/21/2015 5:59:59 AM

Subject:

CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B7BA41CFBA8D50AF9A2A64362C08FA91

Registration

CLSIDs:

{11111111-1111-1111-1111-110611081104}, {22222222-2222-2222-2222-220622082204}

ProgIDs:

71c6c330e74701318a6f0adb73eaa5ae0060804.BHO.1, 71c6c330e74701318a6f0adb73eaa5ae0060804.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

10/29/2014 2:34:06 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:A3ywG1j4Y1JY22Kf+j29j2+iTIne+sIV6t/0CYZ:cq1JY2PfU2J+TzRe

Entry address:

0x610A4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, C9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 40, 23, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2545

Code size:

547 KB (560,128 bytes)

The file radio canyon-bho64.dll has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove radio canyon-bho64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.