» feven 1.2-buttonutil64.dll
Overview
Analysis
File Details

feven 1.2-buttonutil64.dll

Brightcircle Investments Limited

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module feven 1.2-buttonutil64.dll by Brightcircle Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Brightcircle Investments Limited (signed and verified)

MD5:

1fb2433a829fce997f21495a93caef7b

SHA-1:

1dca2f925f2594cbee8323e114f9370ffd851414

SHA-256:

11ee169e76b7084dead0f33c3ae55705d03ecc922f7b139be1df7407ba6d7114

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Brightcircle Investments Limited.

Analysis date:

4/26/2024 11:37:44 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Crossrider.Brightcircle (M)

16.2.4.2

File size:

483.4 KB (494,952 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\feven 1.2\feven 1.2-buttonutil64.dll

Digital Signature

Signed by:

Brightcircle Investments Limited

Authority:

GoDaddy.com, Inc.

Valid from:

3/8/2013 6:33:54 PM

Valid to:

3/8/2016 6:33:54 PM

Subject:

CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

047F36483DC84C

File PE Metadata

Compilation timestamp:

12/4/2013 4:29:18 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:OsqZYff5/z/zCce7r3FDuwmSFKeQJjOTVTGTRgJyV6VOkRqOTBsxlnr5e4r76yGW:Osp7/zE1uHX3AVuotqOT2xO4r76vY9TR

Entry address:

0x3A2B4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 2B, A2, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 18, 9B, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2323

Code size:

324 KB (331,776 bytes)

Remove feven 1.2-buttonutil64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.