» super radio-bho.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

super radio-bho.dll

Super Radio

BadFinger Project (BrightCircle Investments Limited)

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module super radio-bho.dll by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 26 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘7e9d578d51bf4e8fa5c15114a698874d0067977’. This file is typically installed with the program Super Radio by BrightCircle Investments Limited which is a potentially unwanted software program. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

super radio-bho.dll

Publisher:

Buca Apps (signed by BadFinger Project (BrightCircle Investments Limited))

Product:

Super Radio

Description:

Super Radio BHO

Version:

1000.1000.1000.1000

MD5:

6177392863385590efea745d27a6a9b3

SHA-1:

ea333c25e7a0ce769126776c05a12d3cf006f3ad

SHA-256:

66038e93ce95344e57bf4f105333b0ab0dec677c5ffbeac1ca86b0de6d6857c4

Scanner detections:

26 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/25/2024 6:41:13 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.Py9@k4xwV6mi

6155792

AhnLab V3 Security

PUP/Win32.BHO

2014.12.05

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.193.42

avast!

Win32:Malware-gen

2014.9-141219

AVG

Generic

2015.0.3258

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141219

Bitdefender

Gen:Application.Heur.Py9@k4xwV6mi

1.0.20.1750

Dr.Web

DLOADER.Trojan

9.0.1.0350

Emsisoft Anti-Malware

Gen:Application.Heur.Py9@k4xwV6mi

9.0.0.4668

ESET NOD32

Win32/Toolbar.CrossRider.BA potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Adwapper

12/19/2014

F-Secure

Riskware.Gen:Application.Heur.Py9@k4xwV6mi

5.13.68

G Data

Gen:Application.Heur.Py9@k4xwV6mi

14.12.24

K7 AntiVirus

Unwanted-Program

13.188.14354

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

Malwarebytes

PUP.Optional.iWebar.A

v2014.12.19.12

McAfee

Artemis!617739286338

5600.6914

MicroWorld eScan

Gen:Application.Heur.Py9@k4xwV6mi

15.0.0.1050

Norman

Gen:Application.Heur.Py9@k4xwV6mi

04.12.2014 14:30:06

Panda Antivirus

Trj/Genetic.gen

14.12.16.08

Qihoo 360 Security

Win32/Application.b25

1.0.0.1015

Reason Heuristics

PUP.CrossRider.BHO.Brightcircle

15.3.1.16

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141214

Sophos

Generic PUA CA

4.98

Trend Micro House Call

Suspicious_GEN.F47V1204

7.2.353

VIPRE Antivirus

Threat.4789396

35418

File size:

660 KB (675,808 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Super Radio.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\super radio\super radio-bho.dll

Digital Signature

Signed by:

BadFinger Project (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 12:00:00 AM

Valid to:

11/17/2015 11:59:59 PM

Subject:

CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6623FAFCAC357577A31D90C1E567E9A7

Registration

CLSIDs:

{11111111-1111-1111-1111-110611791177}, {22222222-2222-2222-2222-220622792277}

ProgIDs:

7e9d578d51bf4e8fa5c15114a698874d0067977.BHO.1, 7e9d578d51bf4e8fa5c15114a698874d0067977.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

12/15/2014 11:04:08 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:oYkKwRihtBveW7Rd9RXHDa/WR59O/48UrLBq2AaTwEwrH0sm:oBKwRihtAWv3O/Wb9O/4a2rTf

Entry address:

0x59FA4

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 5D, C9, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 58, 2C, 09, 10, E8, ED, 49, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, A0, 7D, 09, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 34, 4C, 08, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

489.5 KB (501,248 bytes)

Internet Explorer BHO

Display name:

7e9d578d51bf4e8fa5c15114a698874d0067977

CLSID:

{11111111-1111-1111-1111-110611791177}

CLSID name:

Super Radio

The file super radio-bho.dll has been discovered within the following programs.

Super Radio by BrightCircle Investments Limited

Super Radio from BadFinger Project (BrightCircle) is an adware app for the browser that uses the Crossrider framework to distribute ads in the browser.

80% remove it

Remove super radio-bho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.