clickmovie1-downloaderv10-buttonutil.dll

Magnesium Play Apps

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module clickmovie1-downloaderv10-buttonutil.dll by Magnesium Play Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browser as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Magnesium Play Apps  (signed and verified)

MD5:
b0ca1611cb6a5966d51d017b9333b33d

SHA-1:
41be571b9157c3924f5a1e8301f2a5acee51ab3f

SHA-256:
7bcf1466de0e7e7961242a9fa4b2a78bf20be6890109e881d97bc3b3eb0efa75

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Magnesium Play Apps.

Analysis date:
12/11/2019 3:19:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
17.1.25.11

File size:
370.4 KB (379,304 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\clickmovie1-downloaderv10\clickmovie1-downloaderv10-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/28/2014 4:00:00 AM

Valid to:
8/29/2015 3:59:59 AM

Subject:
CN=Magnesium Play Apps, O=Magnesium Play Apps, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0085BAD4AB3BC6504E824183F7EA00BCA6

File PE Metadata
Compilation timestamp:
9/25/2014 11:34:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x25603

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 9C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, 93, 04, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 11, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 70, 27, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3029

Developed / compiled with:
Microsoft Visual C++

Code size:
243.5 KB (249,344 bytes)
