home

WebSocket4Net.dll

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The module WebSocket4Net.dll, “WebSocket4Net for .NET 2.0” by Motoko Group has been detected as adware by 23 anti-malware scanners. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
WebSocket4Net  (signed by Motoko Group)

Product:
WebSocket4Net

Description:
WebSocket4Net for .NET 2.0

Version:
0.9.0.0

MD5:
c27da74a71fc8d4e7c684fdfab26ec12

SHA-1:
b4683554d586e3d4f61fc8de38efddb6c1b60705

SHA-256:
3838b7f700ba52494ae03c138614b894c84d7b8bad6d56b7cb340cb7086779e1

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 11:34:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.BW
838

Avira AntiVirus
Adware/CrossRider.pl
7.11.170.74

AVG
Generic
2015.0.3316

Baidu Antivirus
Trojan.Win32.GoogUpdate
4.0.3.141019

Bitdefender
Adware.SwiftBrowse.BW
1.0.20.1460

Clam AntiVirus
Win.Trojan.Swiftbrowse-14
0.98/21411

Dr.Web
Trojan.Crossrider.28247
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.BW
8.14.10.19.03

F-Prot
W32/A-7f649687
v6.4.7.1.166

F-Secure
Adware.SwiftBrowse.BW
11.2014-19-10_1

G Data
Adware.SwiftBrowse.BW
14.10.24

IKARUS anti.virus
PUA.Plush
t3scan.1.6.1.0

Kaspersky
Trojan.NSIS.GoogUpdate
15.0.0.494

McAfee
Artemis!0317784E8C0C
5600.6972

MicroWorld eScan
Adware.SwiftBrowse.BW
15.0.0.876

nProtect
Trojan/W32.Agent.64408.D
14.09.22.01

Panda Antivirus
Trj/Chgt.C
14.10.19.03

Qihoo 360 Security
Win32/Trojan.fb4
1.0.0.1015

Reason Heuristics
PUP.MotokoGroup.N
14.10.19.15

Sophos
Generic PUA HD
4.98

Total Defense
Win32/Tnega.DHebTdC
37.0.11236

Vba32 AntiVirus
Trojan.GoogUpdate
3.12.26.3

VIPRE Antivirus
Threat.4789396
30086

File size:
62.9 KB (64,360 bytes)

Product version:
0.9.0.0

Copyright:
Copyright © websocket4net.codeplex.com 2012

Original file name:
WebSocket4Net.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\hd-v1.9\websocket4net.dll

Digital Signature
Signed by:
Motoko Group

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
5/26/2014 2:13:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:krKEBvRG7IE/kWkMm+kDjHz66x8ljDAMIonIg7TsXZ/:krXBv07cEm+knHz66iljDAMIonIg7TU

Entry address:
0xFFCE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 00, 01, 00, AC, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
56 KB (57,344 bytes)

Remove WebSocket4Net.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.