» SuperSocket.ClientEngine.Protocol.dll
Overview
Analysis
File Details
Programs (1)

SuperSocket.ClientEngine.Protocol.dll

SuperSocket ClientEngine

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisments on web pages not affiliated by the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The module SuperSocket.ClientEngine.Protocol.dll, “SuperSocket.ClientEngine.Protocol for .NET 2.0” by Robokid Technologies has been detected as adware by 15 anti-malware scanners. This file is typically installed with the program SavePass by Kimahri Software inc. which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

SuperSocket (signed by Robokid Technologies)

Product:

SuperSocket ClientEngine

Description:

SuperSocket.ClientEngine.Protocol for .NET 2.0

Version:

0.3.0.0

MD5:

747a8177b6f93177600c1f902133bef8

SHA-1:

31e1ab260b7907cfd1254c811b4c57473ab6182c

SHA-256:

f4b86b5970addb6c5dbe4552f5a5f1de54d7348efef9f6fde686c06999757ad7

Scanner detections:

15 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 7:41:57 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pl

7.11.170.102

AVG

Generic

2015.0.3348

Baidu Antivirus

Adware.Win64.Crossrider

4.0.3.14917

herdProtect (fuzzy)

variant of supersocket.clientengine.protocol_iobitdel.dll (Adware)

2014.11.22.20

IKARUS anti.virus

PUA.Plush

t3scan.1.6.1.0

K7 AntiVirus

Riskware

13.183.13166

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.3235

McAfee

Artemis!DDF2611F28DC

5600.7004

Panda Antivirus

Trj/Chgt.E

14.09.17.11

Qihoo 360 Security

Win32/Virus.Adware.960

1.0.0.1015

Reason Heuristics

PUP.RobokidTechnologies.FF

14.9.18.0

Sophos

Generic PUA CC

4.98

Trend Micro House Call

Suspicious_GEN.F47V0816

7.2.260

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

32606

File size:

17 KB (17,432 bytes)

Product version:

0.3.0.0

Original file name:

SuperSocket.ClientEngine.Protocol.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\savepass\supersocket.clientengine.protocol.dll

Digital Signature

Signed by:

Robokid Technologies

Authority:

COMODO CA Limited

Valid from:

6/23/2014 7:00:00 AM

Valid to:

6/24/2015 6:59:59 AM

Subject:

CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata

Compilation timestamp:

4/11/2014 9:22:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:G4sRQRZgwP1UOIQm5BF3MLpEJO/QNeDTI3kxADFz9PlVls8G7HZEIBeO+fcccWaA:B0K1XmogLQQkmW8GdaO6cWmgLq0RdWDs

Entry address:

0x51CE

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 60, 00, 00, 44, 04... 
[+]

Entropy:

5.6475

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

12.5 KB (12,800 bytes)

The file SuperSocket.ClientEngine.Protocol.dll has been discovered within the following program.

SavePass by Kimahri Software inc.

SavePass is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

84% remove it

Remove SuperSocket.ClientEngine.Protocol.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.