» 991501cd-64a7-41d7-b45e-3ae48e705c86.dll
Overview
Analysis
File Details
Programs (1)

991501cd-64a7-41d7-b45e-3ae48e705c86.dll

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module 991501cd-64a7-41d7-b45e-3ae48e705c86.dll by ColoColo Apps (Bright Circle Investments) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Internet Speed Checker by Sailor Project which is a potentially unwanted software program. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

ColoColo Apps (Bright Circle Investments Ltd) (signed and verified)

MD5:

ba523ac135bb996b934e19b41514e6fe

SHA-1:

ecfc456713a321be5905cd8265ee87e7fda27440

SHA-256:

96c15ab1a2992a36c6cc23c96051ed909b6bdcc3481d4574c166b03a208d4994

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 8:02:25 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.BrightCircle (M)

17.3.15.3

File size:

171.5 KB (175,576 bytes)

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\amd\991501cd-64a7-41d7-b45e-3ae48e705c86.dll

Digital Signature

Signed by:

ColoColo Apps (Bright Circle Investments Ltd)

Authority:

COMODO CA Limited

Valid from:

12/16/2014 7:00:00 AM

Valid to:

12/17/2015 6:59:59 AM

Subject:

CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata

Compilation timestamp:

2/3/2015 6:05:02 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0xB5E2

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F1, 54, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 30, 14, 02, 10, E8, FF, 18, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, E0, 64, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, AC, C2, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.0608

Developed / compiled with:

Microsoft Visual C++

Code size:

100.5 KB (102,912 bytes)

The file 991501cd-64a7-41d7-b45e-3ae48e705c86.dll has been discovered within the following program.

Internet Speed Checker by Sailor Project

Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

62% remove it

Remove 991501cd-64a7-41d7-b45e-3ae48e705c86.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.