» SuperSocket.ClientEngine.Common.dll
Overview
Analysis
File Details
Programs (1)

SuperSocket.ClientEngine.Common.dll

SuperSocket ClientEngine

Sara Kodama Project

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module SuperSocket.ClientEngine.Common.dll, “SuperSocket.ClientEngine.Common for .Net 2.0” by Sara Kodama Project has been detected as adware by 17 anti-malware scanners. This file is typically installed with the program SavePass 1.1 by Morgan Enter Mode which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

SuperSocket (signed by Sara Kodama Project)

Product:

SuperSocket ClientEngine

Description:

SuperSocket.ClientEngine.Common for .Net 2.0

Version:

0.3.0.0

MD5:

4a350ce3bf61f34cfc441c400016f4dd

SHA-1:

d4342bc741f2623337294790ad7251ba10bb6c78

SHA-256:

80b29f4e8a27a5c0128e105984103dc326991f449ae0f3c49e138a6f9b4ba6e2

Scanner detections:

17 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/19/2024 6:27:21 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3253

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141222

Clam AntiVirus

Win.Trojan.Googupdate-15

0.98/21511

Dr.Web

Trojan.Crossrider.28247

9.0.1.0356

ESET NOD32

Win32/Toolbar.CrossRider.BM (variant)

8.10750

K7 AntiVirus

Unwanted-Program

13.185.14071

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.2759

McAfee

Artemis!F18F0B0A750E

5600.6909

NANO AntiVirus

Trojan.Win32.GoogUpdate.deefsh

0.28.6.63474

nProtect

Trojan-Clicker/W32.Agent.23456

14.11.27.01

Panda Antivirus

Trj/Chgt.L

14.12.22.05

Qihoo 360 Security

HEUR/QVM23.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.SaraKodamaProject.DD

14.12.22.5

Sophos

Generic PUA BC

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-GoogUpdate

10163

Trend Micro House Call

Suspicious_GEN.F47V1115

7.2.356

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

File size:

22.9 KB (23,456 bytes)

Product version:

0.3.0.0

Original file name:

SuperSocket.ClientEngine.Common.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\savepass 1.1\supersocket.clientengine.common.dll

Digital Signature

Signed by:

Sara Kodama Project

Authority:

COMODO CA Limited

Valid from:

10/20/2014 8:00:00 AM

Valid to:

10/21/2015 7:59:59 AM

Subject:

CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75E47031A737D2A200F0C7A94034399F

File PE Metadata

Compilation timestamp:

4/11/2014 10:22:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:D64b8rYkcUTMdzJzga3Vmt1xf3Qa/qOle+1aRu7/2hjwO4l8k:N8iUTMdzJkEMnlQa/q+YR5jwOzk

Entry address:

0x5FBE

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.8751

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

16 KB (16,384 bytes)

The file SuperSocket.ClientEngine.Common.dll has been discovered within the following program.

SavePass 1.1 by Morgan Enter Mode

SavePass distributed by Brightcircle is a web browser extension that injects display advertising in the user's browser.

83% remove it

Remove SuperSocket.ClientEngine.Common.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.