home

54dc16.rbf

Json.NET

MY POP SHOP LTD

The file 54dc16.rbf, “Json.NET .NET 2.0” by MY POP SHOP has been detected as adware by 3 anti-malware scanners.
Publisher:
Newtonsoft  (signed by MY POP SHOP LTD)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
5.0.4.16025

MD5:
26b5d35918741c85ccd612dcc8492287

SHA-1:
b407180a6589e50b7b72f16f6b9c9ee7c02f2559

SHA-256:
c42b806cd4dbf2fb1f4b7f5cd54a3f4e75184b7e50821f473bb75a640d579c6c

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/23/2024 8:16:03 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Revizer.725
9.0.1.05190

ESET NOD32
MSIL/Toolbar.Linkury.Q potentially unwanted application
8.0.319.0

Reason Heuristics
PUP.Resoft.MYPOPSHO (M)
16.6.13.16

File size:
425.5 KB (435,712 bytes)

Product version:
5.0.4.16025

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

Language:
Language Neutral

Common path:
C:\users\jan\config.msi\54dc16.rbf

Digital Signature
Signed by:
MY POP SHOP LTD

Authority:
COMODO CA Limited

Valid from:
7/7/2014 12:00:00 AM

Valid to:
7/7/2015 11:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
Compilation timestamp:
4/24/2013 11:40:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KW31W5cFPl8ihylrbMoxv4QYHD8YNy9FKU/r0tq2mHaN+Sml7HTE:1ZVl89Nb9v4v2QoLlbTE

Entry address:
0x69CFE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0781

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
415.5 KB (425,472 bytes)

Remove 54dc16.rbf - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.