SuperSocket.ClientEngine.Protocol.dll

SuperSocket ClientEngine

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module SuperSocket.ClientEngine.Protocol.dll, “SuperSocket.ClientEngine.Protocol for .NET 2.0” by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 17 anti-malware scanners. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.

Publisher:
SuperSocket  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
SuperSocket ClientEngine

Description:
SuperSocket.ClientEngine.Protocol for .NET 2.0

Version:
0.3.0.0

MD5:
8159b4ef0b94c30874d5110ef9d76c9e

SHA-1:
a5b786e4fe96d25e9d4c1544fa7119b3f4045d8b

SHA-256:
992bffff86e778e76bcc52f8aa308d08900a58a7379d7ac45d9dc0d54d967d81

Scanner detections:
17 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the web page).

Analysis date:
5/8/2024 9:31:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Dropper.Gen | 7.11.30.172 |
| AVG | Generic | 2015.0.3253 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141221 |
| Clam AntiVirus | Win.Trojan.Googupdate-13 | 0.98/19776 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-bc2484ea | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Application.Heur.vy5@kWPA!9oi | 11.2014-21-12_1 |
| K7 AntiVirus | Unwanted-Program | 13.186.14254 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543 |
| McAfee | Artemis!2263C696D651 | 5600.6909 |
| NANO AntiVirus | Trojan.Win32.GoogUpdate.dkjwbo | 0.28.6.63850 |
| Panda Antivirus | Generic Suspicious | 14.12.21.10 |
| Qihoo 360 Security | HEUR/QVM23.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle.BadFingerProjectBrightCircleInvestmentsLimited.FF | 14.12.21.22 |
| Sophos | Generic PUA EO | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Artemis | 10163 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
19.5 KB (19,936 bytes)

Product version:
0.3.0.0

Copyright:
Copyright © clientengine.codeplex.com 2012

Original file name:
SuperSocket.ClientEngine.Protocol.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\browserappsplus2.1\supersocket.clientengine.protocol.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
4/11/2014 7:22:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:B4sRQRZgwP1UOIQm5BF3MLpEJO/QNeDTI3kxADFz9PlVls8G7HZEIBeO+fcccWap:K0K1XmogLQQkmW8GdaO6cWmgLq0J8l8S

Entry address:
0x51CE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 60, 00, 00, 44, 04...
 

Entropy:
5.9687

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12.5 KB (12,800 bytes)
