» gohd-buttonutil64.dll
Overview
Analysis
File Details

gohd-buttonutil64.dll

Porter Studio Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module gohd-buttonutil64.dll by Porter Studio Plus has been detected as adware by 3 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Porter Studio Plus (signed and verified)

MD5:

3edb968e29c70b7ad9680b79f8d0c673

SHA-1:

685170d4ae67c0f6691b43ca1a814c4d0508b8f7

SHA-256:

dec3ecd77ce8459de1cdaa34a2fad663ce18a34e1111529a16c5960a21dfe20b

Scanner detections:

3 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:

4/25/2024 12:22:28 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3312

ESET NOD32

Win32/Toolbar.CrossRider.BM (variant)

8.10611

Reason Heuristics

PUP.Crossrider.PorterStudioPlus.R

14.11.3.21

File size:

471.4 KB (482,720 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\gohd\gohd-buttonutil64.dll

Digital Signature

Signed by:

Porter Studio Plus

Authority:

COMODO CA Limited

Valid from:

10/20/2014 3:00:00 AM

Valid to:

10/21/2015 2:59:59 AM

Subject:

CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata

Compilation timestamp:

10/21/2014 10:34:58 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:4bGd+cjtuPUmQ2KknnLuSCrKs35vkV48/93K7iFEqzW1Tfj9R/ko+9xS0STBJx91:48+cpSCTP2hGj9ao+PSTfx92ZTk

Entry address:

0x2EF0C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, A7, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 60, EE, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2422

Code size:

312 KB (319,488 bytes)

Remove gohd-buttonutil64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.