apps hat-buttonutil64.dll

Sailor Project

This potentially unwanted browser extension is built on and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banner, text hyperlink, inline text and transitional ads. The module apps hat-buttonutil64.dll by Sailor Project has been detected as adware by 5 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Sailor Project  (signed and verified)

MD5:
2f6bba40f9f0316494d7425bb660b483

SHA-1:
98244c32d24ce350ac6c5b4d8d4a186d70469ca2

SHA-256:
cf30f24cb1e7d5a063b910e112201dc66051648cb428e9fea030965d187f8054

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
4/20/2024 7:51:37 AM UTC

Scan engine         Detection                             Engine version
Avira AntiVirus     ADWARE/CrossRider.Gen2                7.11.163.230
ESET NOD32          Win64/Toolbar.Crossrider (variant)    8.10149
IKARUS anti.virus   AdWare.Adload                         t3scan.1.6.1.0
Reason Heuristics   PUP.Crossrider.SailorProject.V        14.7.27.12
VIPRE Antivirus     Crossrider                            31570

File size:
429.9 KB (440,168 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\apps hat\apps hat-buttonutil64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 2:00:00 AM

Valid to:
7/19/2015 1:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/22/2014 12:06:03 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:FscWyUDCAK6XOyKcRiD9OzK7V1lKZuQqPLiMIcTM75WxzIaFNcCTBVRwZpZFbi4Q:OC/hqwop7UIaQCTrRoj5DG

Entry address:
0x2C49C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 70, 89, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.1973

Code size:
279.5 KB (286,208 bytes)
