app lid-buttonutil.dll

Sara Kodama Project

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module app lid-buttonutil.dll by Sara Kodama Project has been detected as adware by 20 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Sara Kodama Project  (signed and verified)

MD5:
a020f0c7d04074e4525075bdf182983c

SHA-1:
2274c1ee117639805731c124d894c9c13567a60a

SHA-256:
aacb85504dbdb3a945b9eeeb30ed761c841aed47d1f4bdcff8eee56addc70fe5

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sara Kodama Project.

Analysis date:
5/14/2024 4:06:08 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.wy5@kC2f!Jai | 799
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.11.19
Avira AntiVirus | Adware/CrossRider.369560 | 7.11.187.4
AVG | Generic | 2015.0.3277
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141128
Bitdefender | Gen:Application.Heur.wy5@kC2f!Jai | 1.0.20.1660
Dr.Web | DLOADER.Trojan | 9.0.1.0332
ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 8.10744
Fortinet FortiGate | W32/GoogUpdate.BD!tr | 11/28/2014
F-Secure | Gen:Application.Heur.wy5@kC2f!Jai | 11.2014-28-11_6
G Data | Gen:Application.Heur.wy5@kC2f!Jai | 14.11.24
K7 AntiVirus | Unwanted-Program | 13.185.14057
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.2879
McAfee | Artemis!A020F0C7D040 | 5600.6933
MicroWorld eScan | Gen:Application.Heur.wy5@kC2f!Jai | 15.0.0.996
Panda Antivirus | Trj/Genetic.gen | 14.11.28.04
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.SaraKodamaProject.S | 14.11.28.3
Sophos | Generic PUA CC | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 34906

File size:
360.9 KB (369,568 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\app lid\app lid-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 3:30:00 AM

Valid to:
10/21/2015 3:29:59 AM

Subject:
CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75E47031A737D2A200F0C7A94034399F

File PE Metadata
Compilation timestamp:
11/16/2014 12:07:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:K1FphHACzi8qgAgxFwG04cqevTBCXNcpE3VBJUQk+:K/phgCzi3ixFVZevTgXNcp4+Qk+

Entry address:
0x24FF3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 71, 04, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, F1, 04, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 10, 05, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
Entropy:
6.2820

Developed / compiled with:
Microsoft Visual C++

Code size:
235.5 KB (241,152 bytes)
