iwebar-buttonutil.dll

Gogo Network Club

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module iwebar-buttonutil.dll by Gogo Network Club has been detected as adware by 25 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Gogo Network Club  (signed and verified)

MD5:
66d168f30b0d905c26fa9194aac6a119

SHA-1:
f73d1e9458017504755daf2d071756b52580c6aa

SHA-256:
18c83459fe039416f5ebfa4cb8b71e8134cfe85d40144c71e0b736bd4e7863e2

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Gogo Network Club.

Analysis date:
4/25/2024 6:00:18 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.zy5@kec3!Thi | 781
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.10.25
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.194.38
AVG | Generic | 2015.0.3311
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141024
Bitdefender | Gen:Application.Heur.zy5@kec3!Thi | 1.0.20.1745
Dr.Web | DLOADER.Trojan | 9.0.1.0297
Emsisoft Anti-Malware | Gen:Application.Heur.zy5@kec3!Thi | 8.14.12.15.11
ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 8.10616
F-Secure | Riskware.Gen:Application.Heur.zy5@kec3!Thi | 11.2014-15-12_2
G Data | Gen:Application.Heur.zy5@kec3!Thi | 14.12.24
IKARUS anti.virus | AdWare.CrossRider | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.186.14295
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.494
McAfee | Artemis!66D168F30B0D | 5600.6967
MicroWorld eScan | Gen:Application.Heur.zy5@kec3!Thi | 15.0.0.1047
Norman | Gen:Application.Heur.zy5@kec3!Thi | 11.20141215
Panda Antivirus | Trj/Genetic.gen | 14.12.15.11
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.GogoNetworkClub.R | 14.10.24.16
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141022
Sophos | Generic PUA PH | 4.98
Vba32 AntiVirus | AdWare.Adwapper | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 35418
Zillya! Antivirus | Adware.CrossRider.Win32.302 | 2.0.0.2003

File size:
408.4 KB (418,208 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\iwebar\iwebar-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/19/2014 12:00:00 AM

Valid to:
8/19/2015 11:59:59 PM

Subject:
CN=Gogo Network Club, O=Gogo Network Club, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75BF783471861CAD78DE03A20768BF56

File PE Metadata
Compilation timestamp:
10/24/2014 7:34:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:dIOjv5siTUMd15zk4JEiqYz3bSAI9qbFFTBD4xh2jFo:dI25dUMdbzkoev9aFTF4veFo

Entry address:
0x296C3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 58, 1C, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, F0, AF, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
Developed / compiled with:
Microsoft Visual C++

Code size:
276 KB (282,624 bytes)