SuperSocket.ClientEngine.Protocol.dll

SuperSocket ClientEngine

Evangelion Group

This potentially unwanted browser extension is built on and distributed through the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banner, text hyperlink, inline-text and transitional ads. The module SuperSocket.ClientEngine.Protocol.dll, “SuperSocket.ClientEngine.Protocol for .NET 2.0” by Evangelion Group, has been detected as adware by 17 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
SuperSocket  (signed by Evangelion Group)

Product:
SuperSocket ClientEngine

Description:
SuperSocket.ClientEngine.Protocol for .NET 2.0

Version:
0.3.0.0

MD5:
34dc9022c91a823f3d56890af58a0654

SHA-1:
2d6e452765aa6531ad67426d19a71cf2ac4b01d1

SHA-256:
050bd8633d90ac812333d906492b465a817ad699712a751f7cf807162302108e

Scanner detections:
17 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 2:45:55 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/CrossRider.pl | 7.11.170.102 |
| avast! | Win32:Crossrider-M [PUP] | 2014.9-141126 |
| AVG | Generic | 2015.0.3278 |
| Baidu Antivirus | Adware.Win32.GoogUpdate | 4.0.3.141126 |
| Clam AntiVirus | Win.Trojan.Googupdate-13 | 0.98/19468 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM (variant) | 8.10657 |
| IKARUS anti.virus | PUA.Plush | t3scan.1.7.5.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.2887 |
| McAfee | Artemis!E431F92CCAD3 | 5600.6934 |
| nProtect | Trojan/W32.Agent.19824.E | 14.09.15.01 |
| Panda Antivirus | Trj/Chgt.B | 14.11.26.02 |
| Qihoo 360 Security | Win32/Trojan.921 | 1.0.0.1015 |
| Reason Heuristics | PUP.EvangelionGroup.FF | 14.11.26.14 |
| Sophos | Generic PUA CC | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Artemis | 10214 |
| Trend Micro House Call | Suspicious_GEN.F47V0816 | 7.2.330 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
19.4 KB (19,824 bytes)

Product version:
0.3.0.0

Copyright:
Copyright © clientengine.codeplex.com 2012

Original file name:
SuperSocket.ClientEngine.Protocol.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\cinema-plus-1.2c\supersocket.clientengine.protocol.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/27/2014 6:00:00 PM

Valid to:
7/28/2015 5:59:59 PM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
4/11/2014 8:22:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:K0K1XmogLQQkmW8GdaO6cWmgLq0DabAl8E:KXm/n6dkmgLq0Dab7E

Entry address:
0x51CE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 60, 00, 00, 44, 04...
 
Entropy:
5.9563

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12.5 KB (12,800 bytes)
