enterprise 1.1-buttonutil64.dll

Morgan Enter Mode

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module enterprise 1.1-buttonutil64.dll by Morgan Enter Mode has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program enterprise 1.1 by Naruto Source, which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Morgan Enter Mode  (signed and verified)

MD5:
11b51d138ebafaed8f03ffd4fe06a2e4

SHA-1:
d601f9d522c190c3a3caec289093ccdc5a2f56f8

SHA-256:
b9546316613cf58c8fdc311bc27947998ac94d54a2c9631511332f728163d47e

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Morgan Enter Mode.

Analysis date:
4/24/2024 9:16:34 AM UTC

Scan engine | Detection | Engine version
AVG | Morgan | 2015.0.3316
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.494
Reason Heuristics | PUP.Crossrider.MorganEnterMode.AA | 14.10.19.19

File size:
494.9 KB (506,784 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\enterprise 1.1\enterprise 1.1-buttonutil64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2014 5:00:00 PM

Valid to:
8/28/2015 4:59:59 PM

Subject:
CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E247EA066029B70533C15792B60ED4D8

File PE Metadata
Compilation timestamp:
10/17/2014 12:33:13 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:13qctG97n3HcyBJfZ2Z0+LIP6APaMOPy84iAK/X7r+pJeTD16HU0HEWWouKSTBnD:ATEmPbaKyPGW1PWWZKSTx9XFCo4dTNg

Entry address:
0x30A2C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, A7, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 40, 33, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2484

Code size:
330.5 KB (338,432 bytes)

The file enterprise 1.1-buttonutil64.dll has been discovered within the following program.

enterprise 1.1  by Naruto Source
enterprise is an adware (advertising-supported) web browser plugin that is typically bundled by a 3rd-party download manager, which includes potentially unwanted software offers in order to monetize installs (PPI), or distributed through malvertising practices.
79% remove it
 
Powered by Should I Remove It?
