hipomatic-bho64.dll

Ori Rejwan

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module hipomatic-bho64.dll by Ori Rejwan has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'CrossriderApp0036652'. This file is typically installed with the program Hipomatic by Ori Rejwan, which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of using a traditional IE toolbar, Crossrider installs a BHO in the browser to manage the functionality of the Hipomatic add-on.
Publisher:
Hipomatic  (signed by Ori Rejwan)

Product:
Hipomatic

Description:
Hipomatic BHO

Version:
1000.1000.1000.1000

MD5:
239b7d41cd6c685c276ac28da37e15a9

SHA-1:
1593d41b76c689a471667c8b0a6d5fc853edb543

SHA-256:
cb3da06b6adda2d03b193967ec20f5c8c043657e3dba69152a87a4f2a5824e34

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Ori Rejwan.

Analysis date:
12/25/2024 4:23:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
16.7.30.13

File size:
945.9 KB (968,632 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Hipomatic.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\hipomatic\hipomatic-bho64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/18/2012 5:00:00 PM

Valid to:
3/19/2014 4:59:59 PM

Subject:
CN=Ori Rejwan, O=Ori Rejwan, STREET=42 Balfure Street, STREET=Apartment 11, L=Tel Aviv, S=TLV, PostalCode=65212, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5D28FC139933ADFC598CADDA3492604

Registration
CLSIDs:
{11111111-1111-1111-1111-110311661152}, {22222222-2222-2222-2222-220322662252}

ProgIDs:
CrossriderApp0036652.BHO.1, CrossriderApp0036652.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
10/22/2013 2:59:29 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:bZlmezuuEG8DiwV1qCOdC9dnaN2V0NaTGfAAiWTzC9DYiD:bZlm71j3KC5jZOMT3CzC91D

Entry address:
0x7B180

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 8B, D9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 9C, 8F, 06, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2091

Code size:
636.5 KB (651,776 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0036652

CLSID:
{11111111-1111-1111-1111-110311661152}

CLSID name:
Hipomatic


The file hipomatic-bho64.dll has been discovered within the following program.

Hipomatic by Ori Rejwan
Hipomatic is a web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as in-context hyperlinks.
82% remove it
 
Powered by Should I Remove It?
