home

SuperSocket.ClientEngine.Protocol.dll

SuperSocket ClientEngine

King Gainer Lab

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module SuperSocket.ClientEngine.Protocol.dll, “SuperSocket.ClientEngine.Protocol for .NET 2.0” by King Gainer Lab has been detected as adware by 8 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
SuperSocket  (signed by King Gainer Lab)

Product:
SuperSocket ClientEngine

Description:
SuperSocket.ClientEngine.Protocol for .NET 2.0

Version:
0.3.0.0

MD5:
d51628082a24c2ab0eced0e52fc44e9f

SHA-1:
ca3566e96025b9103831b2d14c97fda7b9d6c689

SHA-256:
146ef2ccbc25384cb4ed3ad1276eaa9f49ef7ae2711d77a7f21b526a52cc0212

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/24/2024 12:22:28 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3282

Baidu Antivirus
Adware.Win64.Crossrider
4.0.3.141122

IKARUS anti.virus
PUA.Plush
t3scan.1.6.1.0

nProtect
Trojan-Clicker/W32.Agent.19864
14.09.18.01

Reason Heuristics
PUP.KingGainerLab.FF
14.9.22.1

Sophos
AppRider
4.98

Vba32 AntiVirus
TScope.Trojan.MSIL
3.12.26.3

VIPRE Antivirus
Threat.4150696
31208

File size:
19.4 KB (19,864 bytes)

Product version:
0.3.0.0

Copyright:
Copyright © clientengine.codeplex.com 2012

Original file name:
SuperSocket.ClientEngine.Protocol.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\thetorntv v10\supersocket.clientengine.protocol.dll

Digital Signature
Signed by:
King Gainer Lab

Authority:
COMODO CA Limited

Valid from:
8/18/2014 8:00:00 PM

Valid to:
8/19/2015 7:59:59 PM

Subject:
CN=King Gainer Lab, O=King Gainer Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10B5049C2559348D7A87203A148C790A

File PE Metadata
Compilation timestamp:
4/11/2014 10:22:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:C/4sRQRZgwP1UOIQm5BF3MLpEJO/QNeDTI3kxADFz9PlVls8G7HZEIBeO+fcccWn:z0K1XmogLQQkmW8GdaO6cWmgLq05l82

Entry address:
0x51CE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 60, 00, 00, 44, 04...
 
[+]

Entropy:
5.9587

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12.5 KB (12,800 bytes)

Remove SuperSocket.ClientEngine.Protocol.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.