Splash.exe

Splash

Dragon Big Lab

The application Splash.exe by Dragon Big Lab has been detected as a potentially unwanted program by 7 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Dragon Big Lab  (signed and verified)

Product:
Splash

Version:
2.6.5.0

MD5:
10264919e239a6ff2cc3aaf5d0172324

SHA-1:
3067f115770d47eaff42f0070ab8a4d4f4ba0e42

SHA-256:
b48b75f4dd49e00e232ad2127e9b9bb4f33b08f894b5f6bfbcc6eb2b1c2aac61

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage).

Analysis date:
11/27/2024 2:53:41 AM UTC

Scan engine             Detection                                                     Engine version
Baidu Antivirus         Adware.Win32.CrossAd                                          4.0.3.16214
Bkav FE                 W32.HfsAdware                                                 1.3.0.6379
ESET NOD32              Win32/Toolbar.CrossRider.BM potentially unwanted application  10.7.0.302.0
Malwarebytes            PUP.Optional.DrPC.A                                           v2016.02.14.03
Reason Heuristics       Win32.Generic                                                 16.2.14.3
Trend Micro House Call  Suspicious_GEN.F47V0115                                       7.2.45
VIPRE Antivirus         Crossrider                                                    36680

File size:
248.9 KB (254,920 bytes)

Product version:
2.6.5.0

Copyright:
Copyright © 2014

Original file name:
Splash.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\doctor pc\doctor pc 2.6.5\install\84f2cc6\splash.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/19/2014 3:00:00 AM

Valid to:
8/20/2015 2:59:59 AM

Subject:
CN=Dragon Big Lab, O=Dragon Big Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
5C962D18EA9BECD72508C97E4F8FCD67

File PE Metadata
Compilation timestamp:
11/21/2014 9:23:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:KJzdjdmB8pwfxiUNX3QciTBuH3+xCn2stVCO4GB/ZZH3GcU:ZJQAXZ2st7VZZXLU

Entry address:
0x25ACE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
143 KB (146,432 bytes)
