home

lyricssay-15-bho64.dll

LyricsSay-15

Showpass

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module lyricssay-15-bho64.dll has been detected as adware by 10 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0043906’. This file is typically installed with the program LyricsSay-15 by Showpass which is a potentially unwanted software program. This is the 64-bit version of the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, Crossrider installs a BHO in the browser in order to manage the functionality of Showpass addon.
Publisher:
Showpass

Product:
LyricsSay-15

Description:
LyricsSay-15 BHO

Version:
1000.1000.1000.1000

MD5:
587fa643a3d99613c20d766ec9181d1e

SHA-1:
741a401bb4fc275b268cf140627616b58c33c761

SHA-256:
a31b946babac5ca1dbe9bb5e5e28b30f68a3e1552d3bb02982f2f3b48b148752

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will run as a BHO in Internet Explorer.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/27/2024 5:28:41 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Win64.Toolbar.Crossrider
4.0.3.1453

Bkav FE
W32.Clodbf6.Trojan
1.3.0.4415

ESET NOD32
Win64/Toolbar.Crossrider (variant)
8.9018

K7 AntiVirus
Trojan
13.177.12080

Malwarebytes
PUP.Optional.Lyrics.S
v2014.05.03.04

McAfee
Artemis!2F343D4CD8C2
5600.7074

Panda Antivirus
PUP/PlusHD
14.07.09.11

Reason Heuristics
PUP.Crossrider.Showpass.S
14.5.3.16

Trend Micro House Call
TROJ_GEN.F47V0406
7.2.190

VIPRE Antivirus
Crossrider
23134

File size:
918.5 KB (940,544 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
LyricsSay-15.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Program Files\lyricssay-15\lyricssay-15-bho64.dll

Registration
CLSIDs:
{11111111-1111-1111-1111-110411391106}, {22222222-2222-2222-2222-220422392206}

ProgIDs:
CrossriderApp0043906.BHO.1, CrossriderApp0043906.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
8/12/2013 2:56:48 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:2SHCZikk497RGI8M6rf0Nu7PMqs1S2TfXlFp:2g7qdRV8Rz0NuzZsbTf1n

Entry address:
0x7AF88

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, BB, C3, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, AA, 13, 06, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44...
 
[+]

Code size:
636.5 KB (651,776 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0043906

CLSID:
{11111111-1111-1111-1111-110411391106}

CLSID name:
LyricsSay-15


The file lyricssay-15-bho64.dll has been discovered within the following program.

LyricsSay-15  by Showpass
LyricsSay is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.
77% remove it
 
Powered by Should I Remove It?

Remove lyricssay-15-bho64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.