» button64.exe
Overview
Analysis
File Details
Programs (1)

button64.exe

Cloud Software

The application button64.exe by Cloud Software has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc. which is a potentially unwanted software program.

File name:

button64.exe

Publisher:

Cloud Software (signed and verified)

Version:

1, 9, 0, 1

MD5:

b44094359cb72219cd54a6b2cb0670e8

SHA-1:

fdb5893346b985a4ed6575fe45fc89969254155b

SHA-256:

eee4cd17b2ef5e851960588c7ff94931b1291c4707b648f6308824bec520bf7b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/12/2024 1:51:12 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Spigot (M)

17.3.7.18

File size:

185.3 KB (189,736 bytes)

Product version:

1, 9, 0, 1

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\browserextensions\button64.exe

Digital Signature

Signed by:

Cloud Software

Authority:

DigiCert Inc

Valid from:

3/8/2016 7:00:00 AM

Valid to:

3/7/2017 7:00:00 PM

Subject:

CN=Cloud Software, O=Cloud Software, L=Incline Village, S=Nevada, C=US

Issuer:

CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

09C8D9FCE70C8F921CB55912E7F1B2DE

File PE Metadata

Compilation timestamp:

3/1/2017 2:47:30 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

9.0

Entry address:

0x3FC8

Entry point:

48, 83, EC, 28, E8, 03, 2D, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 89, 0D, 6D, 9E, 02, 00, C3, 40, 53, 48, 81, EC, E0, 05, 00, 00, 83, 64, 24, 70, 00, 48, 8D, 4C, 24, 74, 33, D2, 41, B8, 94, 00, 00, 00, E8, CC, 02, 00, 00, 4C, 8D, 5C, 24, 70, 48, 8D, 84, 24, 10, 01, 00, 00, 48, 8D, 8C, 24, 10, 01, 00, 00, 4C, 89, 5C, 24, 48, 48, 89, 44, 24, 50, FF, 15, 3F, A1, 00, 00, 48, 8B, 9C, 24, 08, 02, 00, 00, 48, 8D, 54, 24, 40, 48, 8B, CB, 45, 33, C0, E8, E1, 8C, 00, 00, 48, 85, C0, 74, 3B, 48, 83... 
[+]

Entropy:

4.9279

Code size:

50 KB (51,200 bytes)

The file button64.exe has been discovered within the following program.

Browser Extensions by Spigot, Inc.

Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”

www.spigot.com

66% remove it

Remove button64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.