addon control-buttonutil64.dll

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module addon control-buttonutil64.dll by Naruto Source has been detected as adware by 11 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Naruto Source  (signed and verified)

MD5:
93cc79ba551a1f3624e14d18318ca7a9

SHA-1:
dcdd44c6f0a18cafbb27287fd77c9af2b2b0b349

SHA-256:
74885bda3d3434bf5d2b859b0b8ea386f80112c66429bcdbd4ca9d678a4f70fd

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:
4/26/2024 3:53:43 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/CrossRider.pq | 7.11.172.136
AVG | Generic | 2015.0.3346
ESET NOD32 | Win64/Toolbar.Crossrider (variant) | 8.10422
Fortinet FortiGate | Adware/Adwapper | 10/3/2014
IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.7.8.0
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.3225
McAfee | Artemis!56837AFB8C72 | 5600.6989
Panda Antivirus | Trj/Chgt.F | 14.09.19.10
Qihoo 360 Security | Win32/Virus.Adware.970 | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.NarutoSource.AA | 14.9.19.22

File size:
464.9 KB (476,008 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\addon control\addon control-buttonutil64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 8:00:00 PM

Valid to:
7/28/2015 7:59:59 PM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
9/13/2014 6:02:44 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:4MP+n7K/Te19DS+yACUVLj0bFM0kJqK7bSoPaulJwTssJ/kMnyGijPpTBzG+St8e:llL+rLpNZXvlPstznyhpTtG+MN

Entry address:
0x2D57C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, F0, F7, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2295

Code size:
306.5 KB (313,856 bytes)
