Newtonsoft.Json.dll

Json.NET

Secure Installer Inc

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Secure Installer Inc. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Secure Installer Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Although a detection has been made for this resource, it is generally a commonly distributed 3rd-party library and is typically safe by itself.
Publisher:
Newtonsoft  (signed by Secure Installer Inc)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
4.0.8.14618

MD5:
ca2a920922b41ad1432ae6d745bcdee9

SHA-1:
56a04e46ec898e6772f200761c85b86fc8e1a6a2

SHA-256:
4f97b6661a914bd7035688315734c7986cc4f9d8165cf0534c41f08b533d1e13

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/5/2024 1:53:56 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Air Software (M)
17.2.28.14

File size:
367.6 KB (376,440 bytes)

Product version:
4.0.8.14618

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\driverrestore\newtonsoft.json.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
10/27/2015 6:00:00 PM

Valid to:
11/18/2018 5:59:59 PM

Subject:
CN=Secure Installer Inc, O=Secure Installer Inc, L=Pleasanton, S=California, C=US, SERIALNUMBER=C3712890, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
22AA79DFC593B122228F38161FC4414F

File PE Metadata
Compilation timestamp:
10/23/2013 1:33:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x5BA5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0592

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
359 KB (367,616 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security