home

iwebar-buttonutil.dll

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module iwebar-buttonutil.dll by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 18 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Armageddon Labs (BrightCircle Investments Limited)  (signed and verified)

MD5:
9f6a5aa754563a24db6bcfdaddebbe95

SHA-1:
1c9b72ccb4d318879f2d165f1d8a4bfcbaf7ead7

SHA-256:
8a23a5abe0ae759c1e72130b3048ba8f8829fda6c2225b1a395ba2736f57f829

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Armageddon Labs (BrightCircle Investments Limited).

Analysis date:
4/26/2024 2:08:14 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.zy5@kWcvmeoi
6213306

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.197.30

AVG
Generic
2015.0.3253

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141223

Bitdefender
Gen:Application.Heur.zy5@kWcvmeoi
1.0.20.1780

Dr.Web
DLOADER.Trojan
9.0.1.0356

Emsisoft Anti-Malware
Gen:Application.Heur.zy5@kWcvmeoi
9.0.0.4668

ESET NOD32
Win32/Toolbar.CrossRider.BD potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Heur.zy5@kWcvmeoi
5.13.68

G Data
Gen:Application.Heur.zy5@kWcvmeoi
14.12.24

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

MicroWorld eScan
Gen:Application.Heur.zy5@kWcvmeoi
15.0.0.1068

Norman
Gen:Application.Heur.zy5@kWcvmeoi
04.12.2014 14:30:06

Panda Antivirus
Generic Suspicious
14.12.23.12

Qihoo 360 Security
Win32/Application.df5
1.0.0.1015

Reason Heuristics
PUP.Crossrider.ArmageddonLabsBrightCircleInvestmentsLimited.R
15.1.4.17

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.141220

Sophos
PUA 'AppRider' (of type Adware)
5.09

File size:
401.5 KB (411,104 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\iwebar\iwebar-buttonutil.dll

Digital Signature
Signed by:
Armageddon Labs (BrightCircle Investments Limited)

Authority:
COMODO CA Limited

Valid from:
12/1/2014 12:00:00 AM

Valid to:
12/1/2015 11:59:59 PM

Subject:
CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5692390E715129E144F950D09DA6E8A

File PE Metadata
Compilation timestamp:
12/21/2014 11:33:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:7vTomN3S1mY2CmvOTXNS3ZfDuz1n1Q1S3+TB4BEK82PFVn6q:7vNC1R2CmvOTXmbujZ3+T6aKdtVn6q

Entry address:
0x29223

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 12, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, 79, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
261.5 KB (267,776 bytes)

Remove iwebar-buttonutil.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.