» SuperSocket.ClientEngine.Core.dll
Overview
Analysis
File Details

SuperSocket.ClientEngine.Core.dll

SuperSocket ClientEngine

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The module SuperSocket.ClientEngine.Core.dll, “SuperSocket.ClientEngine.Core for .NET 2.0” by Evangelion Group has been detected as adware by 18 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

SuperSocket (signed by Evangelion Group)

Product:

SuperSocket ClientEngine

Description:

SuperSocket.ClientEngine.Core for .NET 2.0

Version:

0.3.0.0

MD5:

786fe49cc794931eb930a4e6c8028c58

SHA-1:

99e23406df15ef8b5c1022c88a14964940823495

SHA-256:

43c49b8f172b7810c5a86586ae5f737a0f479ab5a3f6f265b6c8ddf59b2a9fd4

Scanner detections:

18 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:

5/10/2024 10:34:41 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pl

7.11.170.84

avast!

Win32:Crossrider-M [PUP]

2014.9-141126

AVG

Generic

2015.0.3278

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.141126

Clam AntiVirus

Win.Trojan.Googupdate-11

0.98/19466

ESET NOD32

Win32/Toolbar.CrossRider.BM (variant)

8.10657

IKARUS anti.virus

PUA.Plush

t3scan.1.7.5.0

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.2887

McAfee

Artemis!A011AA1B9D56

5600.6934

nProtect

Trojan/W32.Agent.26480.G

14.08.27.01

Panda Antivirus

Trj/Chgt.B

14.11.26.02

Qihoo 360 Security

Win32/Trojan.921

1.0.0.1015

Reason Heuristics

PUP.EvangelionGroup.BB

14.11.26.14

Sophos

Generic PUA GM

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-GoogUpdate

10214

Trend Micro House Call

Suspicious_GEN.F47V0816

7.2.330

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

32730

File size:

25.9 KB (26,480 bytes)

Product version:

0.3.0.0

Original file name:

SuperSocket.ClientEngine.Core.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\cinema-plus-1.2c\supersocket.clientengine.core.dll

Digital Signature

Signed by:

Evangelion Group

Authority:

COMODO CA Limited

Valid from:

7/27/2014 6:00:00 PM

Valid to:

7/28/2015 5:59:59 PM

Subject:

CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata

Compilation timestamp:

4/11/2014 8:22:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:su27nH/DYYxTFBA5Wuj6LV466g8qtBYo1gGabAl8GI/:sdhxTFBAkuugGab7Gm

Entry address:

0x6A2E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.7629

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

19 KB (19,456 bytes)

Remove SuperSocket.ClientEngine.Core.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.