WebSocket4Net.dll

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the Internet browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module WebSocket4Net.dll, “WebSocket4Net for .NET 2.0” by Motoko Group, has been detected as adware by 4 anti-malware scanners. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
WebSocket4Net  (signed by Motoko Group)

Product:
WebSocket4Net

Description:
WebSocket4Net for .NET 2.0

Version:
0.9.0.0

MD5:
186dec49e69756f5adb4fbab09a51fd3

SHA-1:
c925d67592792bfad0113e9db1fd6ce1b0f18653

SHA-256:
afa9d310ccc48a34f942f893f13b1217a476f47b14ac617e3027b86e32a69a85

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/19/2024 10:23:21 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3398
IKARUS anti.virus | PUA.Plush | t3scan.1.6.1.0
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3486
Reason Heuristics | PUP.MotokoGroup.N | 14.7.27.13

File size:
62.9 KB (64,360 bytes)

Product version:
0.9.0.0

Copyright:
Copyright © websocket4net.codeplex.com 2012

Original file name:
WebSocket4Net.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\hd-v1.9\websocket4net.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 2:00:00 AM

Valid to:
7/19/2015 1:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
5/26/2014 3:13:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:PrKEBvRG7IE/kWkMm+kDjHz66x8ljDAMIonIg7TsXM:PrXBv07cEm+knHz66iljDAMIonIg7TF

Entry address:
0xFFCE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, 00, 01, 00, AC, 03...
 

Entropy:
5.8773

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
56 KB (57,344 bytes)
