» Shopping Sidekick.dll
Overview
Analysis
File Details
Behaviors (1)

Shopping Sidekick.dll

Shopping Sidekick

Friendly Apps

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module Shopping Sidekick.dll, “Shopping Sidekick BHO” by Friendly Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0005058’.

File name:

Publisher:

215 Apps (signed by Friendly Apps)

Product:

Shopping Sidekick

Description:

Shopping Sidekick BHO

Version:

1.1.150.17

MD5:

66e11df69dfc780f05d81cd0374aee32

SHA-1:

eb015fd0c63eb1d39f887e2a5d1b347603b1997b

SHA-256:

f7d9b0a6ca672bdbd63e92c5e529e9d677dc2aee9fd242137b0b06f86187f20d

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/17/2024 1:27:32 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.50OnRed (M)

16.12.22.8

File size:

597.4 KB (611,720 bytes)

Product version:

1.1.150.17

Original file name:

Shopping Sidekick.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\shopping sidekick\shopping sidekick.dll

Digital Signature

Signed by:

Friendly Apps

Authority:

Thawte, Inc.

Valid from:

4/30/2012 8:00:00 PM

Valid to:

5/1/2013 7:59:59 PM

Subject:

CN=Friendly Apps, O=Friendly Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

56D17D2D52C2BC3A2CECDA129CA33619

Registration

CLSIDs:

{11111111-1111-1111-1111-110011501158}, {22222222-2222-2222-2222-220022502258}

ProgIDs:

CrossriderApp0005058.BHO.1, CrossriderApp0005058.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/16/2012 2:12:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x3AB18

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3C, 9B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 0B, C3, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 6D, 08, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18... 
[+]

Entropy:

6.5972

Code size:

417.5 KB (427,520 bytes)

Internet Explorer BHO

Display name:

CrossriderApp0005058

CLSID:

{11111111-1111-1111-1111-110011501158}

CLSID name:

Shopping Sidekick

Remove Shopping Sidekick.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.