feven 1.5-buttonutil.dll

Brightcircle Investments Limited

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module feven 1.5-buttonutil.dll by Brightcircle Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browser as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Brightcircle Investments Limited  (signed and verified)

MD5:
57fd431d83616bc21272d648497bd33d

SHA-1:
db923775497c039cfdd35ed5e737a13e1fc9bf4b

SHA-256:
f9ae3fd1c92fb27a799198cd872f5a67cf44f5c1350c6cf45248880b5435acdf

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Brightcircle Investments Limited.

Analysis date:
6/2/2020 12:26:31 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
17.2.12.2

File size:
388.4 KB (397,672 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\feven 1.5\feven 1.5-buttonutil.dll

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2013 2:33:54 PM

Valid to:
3/8/2016 2:33:54 PM

Subject:
CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047F36483DC84C

File PE Metadata
Compilation timestamp:
6/26/2013 4:08:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x2FB0B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CE, 91, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, DC, C1, 05, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 30, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24...
 

Code size:
285 KB (291,840 bytes)
