buttonutil.dll

Excellent Apps

This file is a support library for an advertising-based software package (potentially unwanted/adware) distributed by 50onRed and used to hijack the Internet browser's search provider. The module buttonutil.dll by Excellent Apps has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Coupon Caddy by 215 Apps, which is a potentially unwanted software program.
Publisher:
Excellent Apps  (signed and verified)

MD5:
af2905673e2e60e86821424a439e792f

SHA-1:
dca017033a9ab0716a16eebb6ce83e0f24a9aeb8

SHA-256:
f2ee13febc416328ccd7b89cf55d08b75c651600698b51b26c07c01e551436fd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/16/2024 10:57:07 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.50OnRed.ExcellentApps (M)

Engine version:
16.2.7.9

File size:
232.9 KB (238,472 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\coupon caddy\buttonutil.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 8:00:00 PM

Valid to:
8/29/2013 7:59:59 PM

Subject:
CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata
Compilation timestamp:
1/3/2013 12:51:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:0ur54TmpgV0EGANyzcODG9nbTM/Os4plJmk+a1om:hdQmpgV0EGApnbTM2s4pBHom

Entry address:
0x1AC42

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 0C, 61, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 90, 50, 03, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 78, E2, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 68, E2, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85...
 

Entropy:
6.5960

Code size:
170 KB (174,080 bytes)

The file buttonutil.dll has been discovered within the following program.

Coupon Caddy  by 215 Apps
Coupon Caddy from 215 Apps (Amazing Apps/Friendly Apps) installs a web browser extension, such as an Internet Explorer Browser Helper Object (BHO), that views the web pages loaded and looks for affiliated merchants in order to provide alternative deals on a given product or merchant.
83% remove it
 
Powered by Should I Remove It?
