RSWShell64.dll

Rid Spyware

Crawler, LLC

The module RSWShell64.dll, “Rid Spyware Shell Menu Extension” by Crawler, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is registered as a context menu handler (it displays a menu when an item is right-clicked in Explorer) named “RSWShellMenu”.
Remove RSWShell64.dll - Powered by Reason Core Security
Publisher:
Crawler.com  (signed by Crawler, LLC)

Product:
Rid Spyware

Description:
Rid Spyware Shell Menu Extension

Version:
1.1.0.2

MD5:
68236c70e3c8d267fe2fa8527d7ed08a

SHA-1:
2af5f350e75096ddd10ecce2872f430ef9a22d7a

SHA-256:
dd4a43f0c00ffa134a4f6c5bc7c4fd347eb15810af2fd0a4dda2c4026b672c6f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/4/2016 7:13:34 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3271
Reason Heuristics | PUP.Handler.Crawler.K | 14.8.8.2

File size:
1.3 MB (1,407,360 bytes)

Product version:
1.1.0.0

Copyright:
© Crawler.com

Original file name:
RSWShell64.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\rid spyware\rswshell64.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
1/25/2017 3:59:59 PM

Subject:
CN="Crawler, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Crawler, LLC", L=Boca Raton, S=Florida, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
48E3A7F6CBA47D0C3FCD17CF81AB3F76

Registration
CLSID:
{665C8FCF-2640-488F-930B-8F5F1939A6DE}

ProgID:
RSWShell64.RSWShellMenu

COM registered:
Yes

File PE Metadata
Compilation timestamp:
5/20/2013 6:26:16 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:Anvw7Ai138P3fNluz7l6VOYlJWSygCnPFL27qCP8cbYLG/1SuqYpLzIhs/Uuv:AvSAB2LSmPpSkWSuqCL0C/Uuv

Entry address:
0x10AF20

Entry point:
55, 48, 81, EC, 90, 00, 00, 00, 48, 8B, EC, 48, 89, 4D, 30, 89, 55, 3C, 4C, 89, 45, 40, 90, 48, 8D, 4D, 48, 48, 8D, 15, C6, 59, FF, FF, 4C, 8B, 45, 30, 44, 8B, 4D, 3C, 48, 8B, 45, 40, 48, 89, 44, 24, 20, E8, E8, 57, F0, FF, E8, C3, F7, EF, FF, C7, 85, 8C, 00, 00, 00, 01, 00, 00, 00, EB, 17, 90, 90, E8, F0, F9, EF, FF, 85, C0, 0F, 94, C0, 48, 0F, B6, C0, 89, 85, 8C, 00, 00, 00, 90, 8B, 85, 8C, 00, 00, 00, 48, 8D, A5, 90, 00, 00, 00, 5D, C3, 90, 48, 83, EC, 28, E8, 97, ED, EF, FF, 48, 83, C4, 28, C3, CC, CC...
Entropy:
5.9666

Code size:
1 MB (1,089,536 bytes)

Context Menu Handler
Display name:
RSWShellMenu

CLSID:
{665C8FCF-2640-488F-930B-8F5F1939A6DE}

CLSID name:
RSWShellMenuHandler
