home

smartsaver1+ 12-bho64.dll

SmartSaver1+ 12

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The module smartsaver1+ 12-bho64.dll, “SmartSaver1+ 12 BHO” by Sailor Project has been detected as adware by 13 anti-malware scanners. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of smart-saverplus addon. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
smart-saverplus  (signed by Sailor Project)

Product:
SmartSaver1+ 12

Description:
SmartSaver1+ 12 BHO

Version:
1000.1000.1000.1000

MD5:
d5f90b1bf151576943e3fda757f4ea69

SHA-1:
74c59c037af576caf9b4f5a8a2770d887c299e1d

SHA-256:
f99d3c921da166f1d19b5a21b2f91a8f5a80342762444b389a9b5fa04570236a

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
5/6/2024 9:21:14 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.164.246

AVG
Generic
2016.0.3240

Baidu Antivirus
PUA.Win64.Crossrider
4.0.3.1513

Comodo Security
ApplicUnwnt
19056

ESET NOD32
Win64/Toolbar.Crossrider (variant)
9.10193

Fortinet FortiGate
Adware/Toolbar_CrossRider
1/3/2015

IKARUS anti.virus
AdWare.Adload
t3scan.1.6.1.0

Kaspersky
not-a-virus:WebToolbar.Win32.CroRi
14.0.0.2696

Malwarebytes
PUP.Optional.SmartSaver.A
v2015.01.03.08

Panda Antivirus
Trj/Chgt.C
15.01.03.08

Reason Heuristics
PUP.Crossrider.SailorProject.V
15.1.3.20

Trend Micro House Call
Suspicious_GEN.F47V0726
7.2.3

VIPRE Antivirus
Crossrider
31846

File size:
813.4 KB (832,872 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SmartSaver1+ 12.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\smartsaver1+ 12\smartsaver1+ 12-bho64.dll

Digital Signature
Signed by:
Sailor Project

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

Registration
CLSIDs:
{11111111-1111-1111-1111-110611181101}, {22222222-2222-2222-2222-220622182201}

ProgIDs:
CrossriderApp0061801.BHO.1, CrossriderApp0061801.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
7/25/2014 11:06:33 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ZNSvbHsR0uOlh+8Vt8izR6lPTTKKkwVFEbs:/Svbe63++yQR6lLTjkwQbs

Entry address:
0x5A57C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AF, CB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 88, 42, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 
[+]

Entropy:
6.2699

Code size:
536 KB (548,864 bytes)

Remove smartsaver1+ 12-bho64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.