» sprlrcs.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

sprlrcs.dll

SuperLyrics

Castel Communication Ltd.

The module sprlrcs.dll by Castel Communication has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘SuperLyrics’. This file is typically installed with the program SuperLyrics by Sven & Yorgen which is a potentially unwanted software program.

File name:

sprlrcs.dll

Publisher:

Sven & Yorgen (signed by Castel Communication Ltd.)

Product:

SuperLyrics

Version:

114

MD5:

539dea0a6372d6ba782442421a053e33

SHA-1:

67c31a736c3943ee4091ce8a71ea0ee1bfe8de2c

SHA-256:

b14ef78017b095f632bf9493b924c03080d7ad2cfd75186848f95b7f2fa69ea7

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 5:05:17 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Revizer.CastelCommunication (M)

16.1.7.3

File size:

130.4 KB (133,528 bytes)

Product version:

114

Original file name:

sprlrcs.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\superlyrics\sprlrcs.dll

Digital Signature

Signed by:

Castel Communication Ltd.

Authority:

COMODO CA Limited

Valid from:

2/25/2013 9:00:00 PM

Valid to:

2/26/2014 8:59:59 PM

Subject:

CN=Castel Communication Ltd., O=Castel Communication Ltd., STREET=5 Oded st., L=Ramat Gan, S=Israel, PostalCode=52223, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4B95965A86A77BF4007748964F3622CC

Registration

CLSID:

{3F954646-744D-46D8-8E07-AEF2486FAB9F}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

6/11/2013 1:52:36 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:a6mjbMI1bBEY7uvAn+3x6qKmU9xDssRqbh0YugPDoIzCq6:VsLBEJ4n+3xHKmU9xDssUd0PI3

Entry address:

0x9CB7

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AC, 56, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 60, C7, 01, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, F5, DC, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, E5, DC, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B... 
[+]

Code size:

84 KB (86,016 bytes)

Internet Explorer BHO

Display name:

SuperLyrics

CLSID:

{3F954646-744D-46D8-8E07-AEF2486FAB9F}

The file sprlrcs.dll has been discovered within the following program.

SuperLyrics by Sven & Yorgen

SuperLyrics is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search.

85% remove it

Remove sprlrcs.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.