enterprise 1.1-buttonutil.dll

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module enterprise 1.1-buttonutil.dll by Porter Studio Plus has been detected as adware by 12 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Porter Studio Plus  (signed and verified)

MD5:
dc92098e79c22c37b08733b41252e81f

SHA-1:
5eaf67013fab03cd416b9efee97c308c7194ca85

SHA-256:
49f8f92835d3ab470ad83ded3124919f19801748639db7d0d343a38c5393b3be

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:
4/20/2024 12:24:52 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.10.31 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.182.78 |
| avast! | Win32:Crossrider-DZ [PUP] | 2014.9-150604 |
| AVG | Generic | 2015.0.3306 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0303 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 8.10644 |
| F-Prot | W32/S-89e9aa96 | v6.4.7.1.166 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.1937 |
| Reason Heuristics | PUP.Crossrider.PorterStudioPlus.Y | 14.11.3.21 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141028 |
| Sophos | PUA 'AppRider' (of type Adware) | 5.14 |
| VIPRE Antivirus | Threat.4150696 | 40552 |

File size:
410.4 KB (420,256 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\enterprise 1.1\enterprise 1.1-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 8:00:00 PM

Valid to:
10/20/2015 7:59:59 PM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
10/28/2014 4:39:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:quOO2o5cbvlbgYtU+hAHTvwLaPsSRHCQNQjaTBJW+6hUBSfh:qT5k0+PsSdJOaTXW+smSfh

Entry address:
0x29AE3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, B8, 2C, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, A1, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, C0, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3574

Developed / compiled with:
Microsoft Visual C++

Code size:
277.5 KB (284,160 bytes)
