hdvid-codec v9.0-buttonutil.dll

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The module hdvid-codec v9.0-buttonutil.dll by CoolMirage has been detected as adware by 13 anti-malware scanners. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd., which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on.
Publisher:
CoolMirage Ltd.  (signed and verified)

MD5:
91dd065a6d0acd4f0d037a6c26f5c733

SHA-1:
dabfa9906c223f5cf44d3d2e0fbda8eaf5f0d1ea

SHA-256:
372c1597e52b4d6d26a8760e9222aa69301f614e00007cd646d5b0e07ffe91ce

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider owns a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is CoolMirage Ltd.

Analysis date:
4/18/2024 9:55:54 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| Avira AntiVirus | Adware/CrossRider.A.9332 | 7.11.163.248 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14620 |
| Dr.Web | DLOADER.Trojan | 9.0.1.0171 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AA potentially unwanted application | 7.0.302.0 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 15.0.0.463 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dbbpmm | 0.28.2.60990 |
| Panda Antivirus | Trj/Chgt.A | 14.06.20.01 |
| Reason Heuristics | PUP.Crossrider.CoolMirage.AA | 14.8.7.17 |
| Sophos | AppRider | 4.98 |
| Vba32 AntiVirus | AdWare.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Threat.4789396 | 29708 |

File size:
380.9 KB (390,016 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\hdvid-codec v9.0\hdvid-codec v9.0-buttonutil.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 4:00:00 AM

Valid to:
6/7/2014 3:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/11/2014 2:03:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:LRPMvAT3l6ZPyvRzNMSA8q4NET3TBg3aiqczKQl:tUvAT3l0CaHB33T237HzKQl

Entry address:
0x25E63

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 21, 89, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, A8, C6, 04, 10, E8, EE, 24, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D8, 3F, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, A0, 4B, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3100

Developed / compiled with:
Microsoft Visual C++

Code size:
252.5 KB (258,560 bytes)

The file hdvid-codec v9.0-buttonutil.dll has been discovered within the following program.

HDvid-Codec V9.0  by CoolMirage Ltd.
HDVidCodec is an adware (advertising-supported) web browser application designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
www.coolmirage.com
80% remove it
 