{blocked}.dll

SavePass

Sailor Project

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module {blocked}.dll by Sailor Project has been detected as adware by 9 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘CrossriderApp0061908’. This file is typically installed with the program SavePass by Kimahri Software inc., which is a potentially unwanted software program. It is the BHO for the Crossrider web browser platform for Internet Explorer: instead of using a traditional IE toolbar, the platform installs a BHO in the browser to manage the functionality of the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
OutBrowse  (signed by Sailor Project)

Product:
SavePass

Description:
SavePass BHO

Version:
1.1.153.8

MD5:
6960c6f96cd90e23029fc61d9f59f63d

SHA-1:
4e92e7b2c41aa77e4512d9c73874cb8b51f987af

SHA-256:
66c6c96809878ad42be169039cdc844ded73ed74d07a4e10b62c25c2080ac4f0

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
4/20/2024 7:34:09 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.164.56
ESET NOD32 | Win32/Toolbar.CrossRider.AF potentially unwanted application | 7.0.302.0
F-Prot | W32/A-eb9ef301 | v6.4.7.1.166
Malwarebytes | PUP.Optional.SavePass.A | v2014.07.28.01
Qihoo 360 Security | HEUR/Malware.QVM30.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.SailorProject.M | 14.7.28.1
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14726
Sophos | AppRider | 4.98
VIPRE Antivirus | Threat.4789396 | 31208

File size:
592.9 KB (607,080 bytes)

Product version:
1.1.153.8

Copyright:
Copyright 2011

Original file name:
SavePass.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\savepass\savepass-bho.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

Registration
CLSIDs:
{11111111-1111-1111-1111-110611191108}, {22222222-2222-2222-2222-220622192208}

ProgIDs:
CrossriderApp0061908.BHO.1, CrossriderApp0061908.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
7/26/2014 11:07:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:7zdj9m7/pKrX9JOjW1iDOkEv0M3JLLS6yxnpD0wFhLsrxxvLNGTBB+cbOh5HSy7l:1iKrz1i6d0zdpDnF4vLNGTHAI/kF

Entry address:
0x42C17

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4A, B3, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, 0B, 08, 10, E8, BA, 30, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 78, 82, 08, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C0, 1A, 07, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
410 KB (419,840 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0061908

CLSID:
{11111111-1111-1111-1111-110611191108}

CLSID name:
SavePass


The file {blocked}.dll has been discovered within the following program.

SavePass  by Kimahri Software inc.
SavePass is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
84% remove it
 
Powered by Should I Remove It?