iwebar-buttonutil64.dll

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module iwebar-buttonutil64.dll by Naruto Source has been detected as adware by 12 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.

Publisher:
Naruto Source  (signed and verified)

MD5:
981154165a292656fb0ea8f65624ddbf

SHA-1:
630bd46da9e35222bc054fe4f6449d0f2d88d5a8

SHA-256:
50df257e33ede252b6cc25511a4acee22d9e5640d3ac14b06650e69ac81c7314

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:
4/25/2024 1:42:03 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/CrossRider.pq | 7.11.169.168
AVG | Generic | 2016.0.3096
Baidu Antivirus | Adware.NSIS.Adwapper | 4.0.3.15527
ESET NOD32 | Win64/Toolbar.Crossrider (variant) | 9.10330
Fortinet FortiGate | Adware/Adwapper | 5/27/2015
IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.7.5.0
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.1975
McAfee | Artemis!981154165A29 | 5600.6752
NANO AntiVirus | Riskware.Win64.Graftor.decgig | 0.28.2.61861
Panda Antivirus | Trj/Chgt.D | 15.05.27.11
Reason Heuristics | Adware.Crossrider.Brightcircle | 15.5.27.19
Trend Micro House Call | Suspicious_GEN.F47V0821 | 7.2.147

File size:
476.4 KB (487,784 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\iwebar\iwebar-buttonutil64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 8:00:00 PM

Valid to:
7/28/2015 7:59:59 PM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/19/2014 6:09:54 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:5KfzBOyOST+WNJb5uqiCJgIdMhDFDMFLKx2XLWS+j7gT8j/pEr+F0OTB97nwsFPi:l0Yig0YjRj/mr1OTb7nR/8b

Entry address:
0x2EE2C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 60, 0F, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 
Entropy:
6.2498

Code size:
316.5 KB (324,096 bytes)
