thetorntv v10-bho64.dll

TheTorntv V10

Pess Kess Games

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module thetorntv v10-bho64.dll, “TheTorntv V10 BHO” by Pess Kess Games, has been detected as adware by 33 anti-malware scanners. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of using a traditional IE toolbar, Crossrider installs a BHO in the browser to manage the functionality of the esc add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
esc  (signed by Pess Kess Games)

Product:
TheTorntv V10

Description:
TheTorntv V10 BHO

Version:
1000.1000.1000.1000

MD5:
f6e0a37771fa08c02169d212a622641e

SHA-1:
608a0460a047523e594a13c018d35fac7cba00e0

SHA-256:
7d6d6aafb9ce91e3a058f076b45ede4fdcb5a5b50d52f5908c08208f523398ea

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Pess Kess Games.

Analysis date:
4/19/2024 12:13:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.1093597 | 368 |
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.03.04 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.213.100 |
| avast! | Win32:Crossrider-AI [PUP] | 2014.9-160201 |
| AVG | Generic | 2017.0.2846 |
| Baidu Antivirus | Adware.Win64.CrossAd | 4.0.3.1621 |
| Bitdefender | Adware.Generic.1093597 | 1.0.20.160 |
| Comodo Security | ApplicUnwnt | 21286 |
| Dr.Web | Trojan.Crossrider.38764 | 9.0.1.032 |
| Emsisoft Anti-Malware | Adware.Generic.1093597 | 8.16.02.01.05 |
| ESET NOD32 | Win64/Toolbar.Crossrider.L potentially unwanted (variant) | 10.11265 |
| Fortinet FortiGate | W32/GoogUpdate.DR!tr | 2/1/2016 |
| F-Secure | Adware.Generic.1093597 | 11.2016-01-02_2 |
| G Data | Adware.Generic.1093597 | 16.2.25 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.200.15150 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.726 |
| Malwarebytes | PUP.Optional.TornTV.A | v2016.02.01.05 |
| McAfee | Artemis!136A6F0FCBB8 | 5600.6502 |
| MicroWorld eScan | Adware.Generic.1093597 | 17.0.0.96 |
| NANO AntiVirus | Trojan.Win64.GoogUpdate.divcvb | 0.30.0.296 |
| Panda Antivirus | Trj/Chgt.K | 16.02.01.05 |
| Qihoo 360 Security | Win32/Virus.Adware.de5 | 1.0.0.1015 |
| Quick Heal | Trojan.NSIS.r7 | 2.16.14.00 |
| Reason Heuristics | Adware.Crossrider.Brightcircle (M) | 16.2.1.17 |
| Rising Antivirus | PE:Trojan.Win32.Generic.178EAD99!395226521 | 23.00.65.16130 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00KR14 | 7.2.32 |
| Trend Micro | TROJ_GEN.F0C2C00KR14 | 10.465.01 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 38104 |
| Zillya! Antivirus | Trojan.GoogUpdate.Win64.332 | 2.0.0.2088 |

File size:
860.9 KB (881,560 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
TheTorntv V10.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\thetorntv v10\thetorntv v10-bho64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/28/2014 4:00:00 AM

Valid to:
8/29/2015 3:59:59 AM

Subject:
CN=Pess Kess Games, O=Pess Kess Games, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00985357810266ED5784B0A15904D65082

Registration
CLSIDs:
{11111111-1111-1111-1111-110611331111}, {22222222-2222-2222-2222-220622332211}

ProgIDs:
9ab333d0052b01323ffd0f6cdde3bdb00063311.BHO.1, 9ab333d0052b01323ffd0f6cdde3bdb00063311.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
10/20/2014 11:34:35 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:7GZaPvIUmVkDNW6clny/C/d3Hctw3g/YfOg+e6O4FJZxgLHWYQ4A16FHVFMbHpKu:tLUf3HGhCf3NvzBu/buAGeTPVrBHjBz

Entry address:
0x64634

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 83, C9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 10, 63, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2807

Code size:
572.5 KB (586,240 bytes)
