gohd-buttonutil.dll

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module gohd-buttonutil.dll by Porter Studio Plus has been detected as adware by 15 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Porter Studio Plus  (signed and verified)

MD5:
aaa53d5f4e58daa0b601f5be05a82784

SHA-1:
5804c886ff15926c47a83b2dfdc751eead94b6b3

SHA-256:
37c8f71caa7a6aa9fd9362b61c921e900814dce017198019f78b9a8c8684b897

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:
4/26/2024 3:40:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.10.24 |
| Avira AntiVirus | Adware/CrossRider.pq | 7.11.180.144 |
| avast! | Win32:Crossrider-AA [PUP] | 2014.9-141216 |
| AVG | Generic | 2015.0.3312 |
| Baidu Antivirus | Adware.NSIS.Adwapper | 4.0.3.141216 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0297 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 8.10611 |
| IKARUS anti.virus | AdWare.CrossRider | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2787 |
| McAfee | Artemis!9848310857C5 | 5600.6914 |
| Qihoo 360 Security | Win32/Virus.Adware.970 | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.PorterStudioPlus.P | 14.11.3.21 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141022 |
| Sophos | Generic PUA IN | 4.98 |

File size:
407.4 KB (417,184 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\gohd\gohd-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 3:00:00 AM

Valid to:
10/21/2015 2:59:59 AM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
10/21/2014 10:36:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:GweoOtKk6W0+fYJH+Re977bVcgtvZv6TBXHGsQShrCzf7q:GwxOtKk6W3YecHxcg1Zv6TRHGm8f7q

Entry address:
0x29813

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 1B, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 00, AF, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.3487

Developed / compiled with:
Microsoft Visual C++

Code size:
275 KB (281,600 bytes)
