» hdvid-codec v9.0-buttonutil64.dll
Overview
Analysis
File Details
Programs (1)

hdvid-codec v9.0-buttonutil64.dll

CoolMirage Ltd.

This is part of a CoolMirage installatation, a potentially unwanted program (PUP) that display ads on the computer. The module hdvid-codec v9.0-buttonutil64.dll by CoolMirage has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd. which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon.

File name:

Publisher:

CoolMirage Ltd. (signed and verified)

MD5:

20177008a329c1d1cfc57fd56f38cbe8

SHA-1:

c198a88e0de704e6f173eef158856d29e18b7bff

SHA-256:

b772eaefbce881068328f6d5b03b7818ccbbc486e57cde73d1f923550ee30af8

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is CoolMirage Ltd..

Analysis date:

4/24/2024 8:23:42 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Crossrider.CoolMirage (M)

16.2.15.17

File size:

439.4 KB (449,920 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\hdvid-codec v9.0\hdvid-codec v9.0-buttonutil64.dll

Digital Signature

Signed by:

CoolMirage Ltd.

Authority:

Thawte, Inc.

Valid from:

6/6/2013 2:00:00 AM

Valid to:

6/7/2014 1:59:59 AM

Subject:

CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

110F603E63C86349A5F243EA06966F33

File PE Metadata

Compilation timestamp:

6/9/2014 12:04:11 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:TK053DDC74efL3IfAaGdwPAaxCK7+jGCWiMWTiSGA/gloek1DWTBGeIrmEvEZ1C2:8kP6L5Gy8nkZWTyrm/Zb

Entry address:

0x2B1FC

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 77, 8E, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, A0, C8, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2018

Code size:

286 KB (292,864 bytes)

The file hdvid-codec v9.0-buttonutil64.dll has been discovered within the following program.

HDvid-Codec V9.0 by CoolMirage Ltd.

HDVidCodec is an adware (advertising support) web browser application that is designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).

www.coolmirage.com

80% remove it

Remove hdvid-codec v9.0-buttonutil64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.