home

app lid-buttonutil.dll

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module app lid-buttonutil.dll by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 18 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Armageddon Labs (BrightCircle Investments Limited)  (signed and verified)

MD5:
63fc3128029da9633c186e81e530c266

SHA-1:
a73f9c6010fb8fe49792db4f7ed6f7f10e1df4c6

SHA-256:
90d987cf8b82b1c2fe8aac7598483668e4b163b6ee6dc7d936c8423f5e84bb29

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Armageddon Labs (BrightCircle Investments Limited).

Analysis date:
4/25/2024 2:26:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.zy5@kyL6Efni
6213306

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.197.30

AVG
Generic
2015.0.3253

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141223

Bitdefender
Gen:Application.Heur.zy5@kyL6Efni
1.0.20.1780

Dr.Web
DLOADER.Trojan
9.0.1.0356

Emsisoft Anti-Malware
Gen:Application.Heur.zy5@kyL6Efni
9.0.0.4668

ESET NOD32
Win32/Toolbar.CrossRider.BD potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Heur.zy5@kyL6Efni
5.13.68

G Data
Gen:Application.Heur.zy5@kyL6Efni
14.12.24

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

MicroWorld eScan
Gen:Application.Heur.zy5@kyL6Efni
15.0.0.1068

Norman
Gen:Application.Heur.zy5@kyL6Efni
04.12.2014 14:30:06

Panda Antivirus
Generic Suspicious
14.12.23.12

Qihoo 360 Security
Win32/Application.df5
1.0.0.1015

Reason Heuristics
PUP.Crossrider.ArmageddonLabsBrightCircleInvestmentsLimited.S
15.1.4.17

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.141220

Sophos
PUA 'AppRider' (of type Adware)
5.09

File size:
401.5 KB (411,104 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\app lid\app lid-buttonutil.dll

Digital Signature
Signed by:
Armageddon Labs (BrightCircle Investments Limited)

Authority:
COMODO CA Limited

Valid from:
12/1/2014 12:00:00 AM

Valid to:
12/1/2015 11:59:59 PM

Subject:
CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5692390E715129E144F950D09DA6E8A

File PE Metadata
Compilation timestamp:
12/21/2014 11:33:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:9vTomN3S1mY2CmvOTXNS3ZfDuz1n1Q1S3+TB4BgK82PFVn6S:9vNC1R2CmvOTXmbujZ3+T62KdtVn6S

Entry address:
0x29223

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 12, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, 79, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
261.5 KB (267,776 bytes)

Remove app lid-buttonutil.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.