» {blocked}.dll
Overview
Analysis
File Details
Programs (1)

{blocked}.dll

SavePass 1.1

Sara Kodama Project

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module {blocked}.dll by Sara Kodama Project has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program SavePass 1.1 by Morgan Enter Mode which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

{blocked}.dll

Publisher:

OB (signed by Sara Kodama Project)

Product:

SavePass 1.1

Description:

SavePass 1.1 BHO

Version:

1000.1000.1000.1000

MD5:

85ce02147395d78c3dc6c8d85d956278

SHA-1:

41957d31bcae797154124790e1be857f8e54a04c

SHA-256:

1144961038b299edc3f6706c2ff3d1dfed39c8dd07975133bb0ff47d74293058

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sara Kodama Project.

Analysis date:

4/20/2024 12:51:47 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.189.70

avast!

Win32:Crossrider-DM [PUP]

2014.9-150712

AVG

Generic

2015.0.3277

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.141128

Clam AntiVirus

Win.Trojan.Googupdate-35

0.98/21511

Dr.Web

Trojan.Crossrider1.28017

9.0.1.0193

ESET NOD32

Win64/Toolbar.Crossrider.L potentially unwanted application

7.0.302.0

Kaspersky

Trojan.NSIS.GoogUpdate

15.0.0.463

Malwarebytes

PUP.Optional.CrossRider.A

v2015.07.12.03

Panda Antivirus

Trj/Chgt.K

14.11.28.03

Reason Heuristics

PUP.Crossrider.SaraKodamaProject.R

14.11.10.13

VIPRE Antivirus

Threat.4789396

35088

File size:

715.9 KB (733,088 bytes)

Product version:

1000.1000.1000.1000

Original file name:

SavePass 1.1.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\savepass 1.1\savepass 1.1-bho64.dll

Digital Signature

Signed by:

Sara Kodama Project

Authority:

COMODO CA Limited

Valid from:

10/20/2014 1:00:00 AM

Valid to:

10/21/2015 12:59:59 AM

Subject:

CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75E47031A737D2A200F0C7A94034399F

Registration

CLSIDs:

{11111111-1111-1111-1111-110611341129}, {22222222-2222-2222-2222-220622342229}

ProgIDs:

eee1ef70083a013208d37190b1a6e5ef0063429.BHO.1, eee1ef70083a013208d37190b1a6e5ef0063429.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

11/7/2014 8:37:20 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:SuKtCRLAWFOZW3HuNd8AGKz51HJ8pFzrF/LBL+eiWdPTc7VmunKA157xraYv3YTU:SZo7eNdQlN0yYauLclTzPTfdDKtk9dAl

Entry address:

0x52318

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 5B, C7, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 2C, 73, 05, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2115

Code size:

462.5 KB (473,600 bytes)

The file {blocked}.dll has been discovered within the following program.

SavePass 1.1 by Morgan Enter Mode

SavePass distributed by Brightcircle is a web browser extension that injects display advertising in the user's browser.

83% remove it

Remove {blocked}.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.