enformation 1.1-buttonutil.dll

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyperlinks, inline text and transitional ads. The module enformation 1.1-buttonutil.dll by Sailor Project has been detected as adware by 10 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Sailor Project  (signed and verified)

MD5:
edb7fd669e35a127738a7b22e21fa1fd

SHA-1:
bbb93f84e36082b2f50a3d5e7757ac6d7364c989

SHA-256:
b80e661d314d57c6b95dc8e5d9d7b0283ca5e4769fc726e888722db673d4b68a

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
4/25/2024 3:28:38 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.164.52
Dr.Web | DLOADER.Trojan | 9.0.1.0208
ESET NOD32 | Win32/Toolbar.CrossRider.AA potentially unwanted application | 7.0.302.0
IKARUS anti.virus | not-a-virus:WebToolbar.CroRi | t3scan.1.6.1.0
Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 15.0.0.494
Panda Antivirus | Trj/Genetic.gen | 14.07.27.09
Reason Heuristics | PUP.Crossrider.SailorProject.Z | 14.7.27.20
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14725
Sophos | AppRider | 4.98
VIPRE Antivirus | Threat.4789396 | 31208

File size:
434.4 KB (444,776 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\enformation 1.1\enformation 1.1-buttonutil.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 8:00:00 PM

Valid to:
7/18/2015 7:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/26/2014 6:03:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:xlNZBYY/M3gJFSvx8kn5eMZ6wyLhItJqXH+jR2TB8Y2fSiWC9SHCv:xlNZ1E3wSBnxyNItJuU2TOYmDP9QCv

Entry address:
0x2D9D3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 51, 9C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 7F, 05, 10, E8, 1E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 88, 01, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 80, 12, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3653

Developed / compiled with:
Microsoft Visual C++

Code size:
299.5 KB (306,688 bytes)
