» internet speed checker-buttonutil.dll
Overview
Analysis
File Details
Programs (1)

internet speed checker-buttonutil.dll

Morgan Enter Mode

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module internet speed checker-buttonutil.dll by Morgan Enter Mode has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program Internet Speed Checker by Sailor Project which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Morgan Enter Mode (signed and verified)

MD5:

97a824c602c16bef356d9151e6674dd1

SHA-1:

13ecbb0934dcd752db644566a78990c6d0e22e20

SHA-256:

d9bcae377f2707232e97129ba115b7951cb2652d3e5ddb17f6616cd54a03d092

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Morgan Enter Mode.

Analysis date:

4/26/2024 2:36:01 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.189.132

AVG

Morgan

2015.0.3311

Baidu Antivirus

Adware.NSIS.Adwapper

4.0.3.141025

Dr.Web

Trojan.Crossrider.36656

9.0.1.05190

ESET NOD32

Win32/Toolbar.CrossRider.BD (variant)

8.10618

IKARUS anti.virus

AdWare.CrossRider

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.185.13805

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.494

NANO AntiVirus

Trojan.Win32.Crossrider.dhaliv

0.28.2.62841

Reason Heuristics

PUP.Crossrider.MorganEnterMode.b

14.10.25.7

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141023

VIPRE Antivirus

Trojan.Win32.Generic

35238

File size:

402.4 KB (412,064 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\internet speed checker\internet speed checker-buttonutil.dll

Digital Signature

Signed by:

Morgan Enter Mode

Authority:

COMODO CA Limited

Valid from:

8/28/2014 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E247EA066029B70533C15792B60ED4D8

File PE Metadata

Compilation timestamp:

10/8/2014 9:35:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:T9E7HGJ9KSd2eCFrNJCTiyOK+LeKvA3BTBJzxQGJigX5hHw:TEHGJsLr8K43BTnxFE+hHw

Entry address:

0x291B3

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F1, 99, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 18, 0A, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 81, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D0, 9D, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

271 KB (277,504 bytes)

The file internet speed checker-buttonutil.dll has been discovered within the following program.

Internet Speed Checker by Sailor Project

Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

62% remove it

Remove internet speed checker-buttonutil.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.