» clip-high_d_06-buttonutil.dll
Overview
Analysis
File Details
Programs (1)

clip-high_d_06-buttonutil.dll

Krance Development

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module clip-high_d_06-buttonutil.dll by Krance Development has been detected as adware by 11 anti-malware scanners. This file is typically installed with the program Clip-High_D_06 by Kimahri Software inc. which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Krance Development (signed and verified)

MD5:

53367d2fc1854adeac44140f036a947d

SHA-1:

92496bbbfc57463b3a8c660df7634eee96cb9e34

SHA-256:

8e763e9e501c1396a3b95f5c0d529911adf21bb15f79970d4f36358effcaf5ff

Scanner detections:

11 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Krance Development.

Analysis date:

4/23/2024 5:03:58 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/NSIS.Adwapper.bx.11

7.11.181.44

AVG

Generic

2015.0.3311

ESET NOD32

Win32/Toolbar.CrossRider.BD (variant)

8.10618

Fortinet FortiGate

Adware/Adwapper

12/22/2014

IKARUS anti.virus

AdWare.CrossRider

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.183.13584

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.2760

Qihoo 360 Security

Win32/Virus.Adware.ba6

1.0.0.1015

Reason Heuristics

PUP.Crossrider.KranceDevelopment.Z

14.10.25.7

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141023

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

File size:

434.4 KB (444,832 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\clip-high_d_06\clip-high_d_06-buttonutil.dll

Digital Signature

Signed by:

Krance Development

Authority:

COMODO CA Limited

Valid from:

8/28/2014 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Krance Development, O=Krance Development, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2F8A4746EB05936853BC17805C72D300

File PE Metadata

Compilation timestamp:

10/4/2014 9:34:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:t5dQTViIxeOei0Fcq6JTAAqCubafZQnaKTB91s5QBPi3kZ2fGL/64D:tmiIxem6UWnCpvKTr1YJ00eL/64D

Entry address:

0x2C883

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 18, 81, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 01, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 90, 14, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

298.5 KB (305,664 bytes)

The file clip-high_d_06-buttonutil.dll has been discovered within the following program.

Clip-High_D_06 by Kimahri Software inc.

Clip-High is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

82% remove it

Remove clip-high_d_06-buttonutil.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.