Newtonsoft.Json.dll

Json.NET

Numlock Apps

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. Newtonsoft.Json.dll is the assembly provides support for JSON parsing for .NET applications and is recompiled by Numlock Apps. The module Newtonsoft.Json.dll, “Json.NET .NET 2.0” by Numlock Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Newtonsoft  (signed by Numlock Apps)

Product:
Json.NET

Description:
Json.NET .NET 2.0

Version:
6.0.3.17227

MD5:
49b6bbd8a26d5a78b4543fff7c946324

SHA-1:
6d9c32ea47b0b814f27e0f1b612ebdc366d2dc83

SHA-256:
ce635e18e5ea3e55f45f370d3bd5a055275b924fa817cd9b38ea336d5aca4285

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the assembly provides support for JSON parsing for .NET applications. While the file itself is not dangerous, it is part of a program that has been detected. Distributed through the Brightcircle investments brand.

Analysis date:
11/27/2024 12:12:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Brightcircle (M)
17.1.10.7

File size:
483.9 KB (495,504 bytes)

Product version:
6.0.3.17227

Copyright:
Copyright © James Newton-King 2008

Original file name:
Newtonsoft.Json.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\browsers+apps+1.1\newtonsoft.json.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/27/2014 4:00:00 PM

Valid to:
8/28/2015 3:59:59 PM

Subject:
CN=Numlock Apps, O=Numlock Apps, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
34E54C953CED93CA3918EF9B1B0A8F93

File PE Metadata
Compilation timestamp:
4/26/2014 7:12:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x7930E

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8776

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
477 KB (488,448 bytes)

Remove Newtonsoft.Json.dll - Powered by Reason Core Security