hdvid-codec v9.0-buttonutil.dll

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The module hdvid-codec v9.0-buttonutil.dll by CoolMirage has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd., which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on.
Publisher:
CoolMirage Ltd.  (signed and verified)

MD5:
1f1b7b9e9996e01391e733eb33444ef7

SHA-1:
ebeaa1997b385d3e80f3d0c8ac5310ba5afdc569

SHA-256:
11f70dd88d56a5ba12db6bcf9e608fadc6f79f30a87103a1b81bce4f1ccc103a

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider owns a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is CoolMirage Ltd.

Analysis date:
4/18/2024 10:40:37 PM UTC  (today)

Scan engine          Detection                               Engine version
Agnitum Outpost      PUA.AdLoad                              7.1.1
Avira AntiVirus      Adware/CrossRider.A.9669                7.11.155.58
Baidu Antivirus      Adware.Win32.CrossRider                 4.0.3.14625
Dr.Web               DLOADER.Trojan                          9.0.1.0176
ESET NOD32           Win32/Toolbar.CrossRider.AA (variant)   8.9956
IKARUS anti.virus    AdWare.Adload                           t3scan.1.6.1.0
Kaspersky            not-a-virus:AdWare.Win32.AdLoad         14.0.0.3658
NANO AntiVirus       Riskware.Win32.AdLoad.dbbpmm            0.28.2.60990
Panda Antivirus      Trj/Chgt.A                              14.06.25.07
Qihoo 360 Security   Win32/Virus.Adware.a60                  1.0.0.1015
Reason Heuristics    PUP.Crossrider.CoolMirage.AA            14.8.7.17
Sophos               AppRider                                4.98
Vba32 AntiVirus      AdWare.AdLoad                           3.12.26.3
VIPRE Antivirus      Crossrider                              30356

File size:
382.9 KB (392,064 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\hdvid-codec v9.0\hdvid-codec v9.0-buttonutil.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/15/2014 1:03:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:9xD7eVqVEc2LowylFr3YzdfqTBCyXSyCi6mYj0LF:7PeVs48FzkfqTYyXSk2j0LF

Entry address:
0x26673

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 24, 89, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, B0, C6, 04, 10, E8, EE, 24, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, B8, 3F, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 90, 4B, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
254.5 KB (260,608 bytes)

The file hdvid-codec v9.0-buttonutil.dll has been discovered within the following program.

HDvid-Codec V9.0  by CoolMirage Ltd.
HDVidCodec is an adware (advertising-supported) web browser application designed to display banner ads as well as contextual link ads (such as hyperlinks that the user will see underlined).
www.coolmirage.com
80% remove it
 
Powered by Should I Remove It?