hipomatic-buttonutil64.dll

Ori Rejwan

The module hipomatic-buttonutil64.dll by Ori Rejwan has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Hipomatic by Ori Rejwan, which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on.
Publisher:
Ori Rejwan  (signed and verified)

MD5:
0100bd69941d2d8a47f5d22d0a2cb5fd

SHA-1:
1112d4db8b7302a5f21d78865b32340211ba521d

SHA-256:
50a0547aaeedfa9e13325998dbc73a88c6751518f3e163b0dca59df284ef0640

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Ori Rejwan.

Analysis date:
4/26/2024 7:38:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider.OriRejwa (M)

Engine version:
16.4.13.8

File size:
498.9 KB (510,904 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\hipomatic\hipomatic-buttonutil64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/18/2012 8:00:00 PM

Valid to:
3/19/2014 7:59:59 PM

Subject:
CN=Ori Rejwan, O=Ori Rejwan, STREET=42 Balfure Street, STREET=Apartment 11, L=Tel Aviv, S=TLV, PostalCode=65212, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5D28FC139933ADFC598CADDA3492604

File PE Metadata
Compilation timestamp:
10/15/2013 1:47:55 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:uGk0wsFJXDekmKSfxQjDwOeT024+ewyRIAG79:uGFwsFJTekkfxQXkT024HPK

Entry address:
0x3CBEC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6F, AB, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 54, 48, 83, EC, 20, 4D, 8B, 51, 38, 48, 8B, F2, 4D, 8B, E0, 41, 8B, 02, 48, 8B, E9, 49, 8B, D1, 48, 03, C0, 48, 8B, CE, 49, 8B, F9, 49, 8D, 5C, C2, 04, 4C, 8B, C3, E8, 2A, 39...
 

Entropy:
6.3357

Code size:
351.5 KB (359,936 bytes)

The file hipomatic-buttonutil64.dll has been discovered within the following program.

Hipomatic  by Ori Rejwan
Hipomatic is a web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as contextual hyperlinks.
82% remove it
 
Powered by Should I Remove It?
