» singalng.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

singalng.dll

Sing Along

Castel Communication Ltd.

The module singalng.dll by Castel Communication has been detected as adware by 17 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Sing Along’. This file is typically installed with the program Sing Along by Xenomorph dot Net which is a potentially unwanted software program. According to Microsoft Security Essentials, this AddLyrics variant installs itself as a Chrome extension, an Internet Explorer add-on, and a Firefox plug-in and displays advertisements in the browser, and also display the lyrics to songs viewed on YouTube.

File name:

singalng.dll

Publisher:

Xenophesoft (signed by Castel Communication Ltd.)

Product:

Sing Along

Version:

114

MD5:

fa4b2fb58b8094507eb8b32c2f830dbd

SHA-1:

68f01ae6f9a60b56061829b03507f104409f2165

SHA-256:

cf0531f5047f77b1f72506800e438e8d3c7e297559877dfd5e77d63c4eef07f9

Scanner detections:

17 / 68

Status:

Adware

Analysis date:

4/24/2024 5:47:49 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen

7.11.206.252

avast!

Win32:Adware-gen [Adw]

2014.9-150325

AVG

LoudMo.L

2016.0.3159

Comodo Security

ApplicUnwnt

20959

Dr.Web

Adware.Shopper.341

9.0.1.084

ESET NOD32

Win32/AdWare.AddLyrics (variant)

9.11122

Fortinet FortiGate

Riskware/AddLyrics

3/25/2015

G Data

Win32.Trojan.Agent.SC6ZLO

15.3.25

herdProtect (fuzzy)

variant of lrcfan.dll

2015.6.30.12

K7 AntiVirus

Adware

13.193.14857

McAfee

PUP-FCU

5600.6815

Microsoft Security Essentials

Adware:Win32/AddLyrics

1.1.11302.0

Quick Heal

Adware.Addlyrics.A5

3.15.14.00

Reason Heuristics

PUP.BHO.CastelCommunication

15.3.25.17

Sophos

Generic PUA GI

4.98

Trend Micro House Call

TROJ_GEN.R047C0CKL14

7.2.84

VIPRE Antivirus

Revizer.b

37248

File size:

130.4 KB (133,528 bytes)

Product version:

114

Original file name:

singalng.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\singalong\singalng.dll

Digital Signature

Signed by:

Castel Communication Ltd.

Authority:

COMODO CA Limited

Valid from:

2/25/2013 6:00:00 PM

Valid to:

2/26/2014 5:59:59 PM

Subject:

CN=Castel Communication Ltd., O=Castel Communication Ltd., STREET=5 Oded st., L=Ramat Gan, S=Israel, PostalCode=52223, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4B95965A86A77BF4007748964F3622CC

File PE Metadata

Compilation timestamp:

6/11/2013 10:47:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:y61G1mrVwOwAnuB6KamkVPiYuTd3Ee63BgshFgaVP0iGBqZWUvaLX5:9HrvDnuBHamkV6Um

Entry address:

0x9CB7

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AC, 56, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 60, C7, 01, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, F5, DC, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, E5, DC, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B... 
[+]

Entropy:

6.4650

Code size:

84 KB (86,016 bytes)

Internet Explorer BHO

Display name:

Sing Along

CLSID:

{6492E171-2427-4932-B414-33574A089F5E}

The file singalng.dll has been discovered within the following program.

Sing Along by Xenomorph dot Net

Sing Along is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search.

68% remove it

Remove singalng.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.