gohd-buttonutil.dll

Titanium Great Minds

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module gohd-buttonutil.dll by Titanium Great Minds has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Titanium Great Minds (signed and verified)

MD5:
ac00366eb9c0d1cd22deba9a9e0dc7ce

SHA-1:
3966e8cc840b3135378a1dd90cadc583e5c57783

SHA-256:
fb5d3a6bf2b00e427f8d6f53a1d18f652a4109ed7cc61a662561a08e772621b4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is Titanium Great Minds.

Analysis date:
2/26/2020 9:17:36 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
17.2.21.6

File size:
408.4 KB (418,216 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\gohd\gohd-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 5:00:00 PM

Valid to:
10/20/2015 4:59:59 PM

Subject:
CN=Titanium Great Minds, O=Titanium Great Minds, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009396D2C159BC1B1261C6A397A6168FA6

File PE Metadata
Compilation timestamp:
11/18/2014 12:35:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x2A273

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 1A, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 08, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 70, AE, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3529

Developed / compiled with:
Microsoft Visual C++

Code size:
276 KB (282,624 bytes)
