thetorntv v10-nova.dll

Sailor Project

This potentially unwanted browser extension is built on and distributed through the free Crossrider cross-browser extension platform. It delivers advertisements to the web browser in several formats, including banners, text hyperlinks, inline text and transitional ads. The module thetorntv v10-nova.dll by Sailor Project has been detected as adware by 10 anti-malware scanners. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Sailor Project (signed and verified)

MD5:
0bfc694df2f9cb38feb5a9ae175d5504

SHA-1:
fa92c433f99eaa11f61a8406e9b77ce6a8c752dd

SHA-256:
e13ed3c7aba2ae71fc1ac8641b004fb598f08eb0c0c6cd2dd0f4e19916584e77

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
5/5/2024 8:50:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 2014.9-140929 |
| AVG | Generic | 2015.0.3336 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.14929 |
| G Data | Win32.Adware.Crossrider | 14.9.24 |
| K7 AntiVirus | Adware | 13.182.12945 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3177 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.27.07 |
| Reason Heuristics | PUP.SailorProject.S | 14.7.27.12 |
| Rising Antivirus | PE:Malware.Bundlore!6.180F | 23.00.65.14725 |
| VIPRE Antivirus | Goobzo | 31910 |

File size:
129.9 KB (132,968 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\thetorntv v10\thetorntv v10-nova.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 8:00:00 PM

Valid to:
7/18/2015 7:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/25/2014 6:03:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:yTv62A5bL3+uN5M1tzFk63JnkwE6Tf+2cJYKsWjcdGscpjj+4+9GI1:yL6L5z+uatm6a6Tf+KVGscpjj+n9GM

Entry address:
0x6768

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, FF, 38, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 9B, 01, 10, E8, D9, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, C2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C0, 50, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.1352

Developed / compiled with:
Microsoft Visual C++

Code size:
75 KB (76,800 bytes)
