iwebar-buttonutil64.dll

Titanium Great Minds

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module iwebar-buttonutil64.dll by Titanium Great Minds has been detected as adware by 9 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Titanium Great Minds (signed and verified)

MD5:
683a2e3a50a75611ec7e66dd17a693c2

SHA-1:
a303b2bfadd46cdaa17501e623a23834fe8856c5

SHA-256:
ac3483747b540a5e4097e3c26bc6d9a58f98995a28f724ebbef061eeaccccfdd

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Titanium Great Minds.

Analysis date:
4/19/2024 6:24:54 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win64.CrossRider | 2014.11.25
Avira AntiVirus | Adware/CrossRider.KB | 7.11.188.128
AVG | Generic | 2015.0.3280
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141124
ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543
Panda Antivirus | Trj/Chgt.N | 14.11.24.03
Qihoo 360 Security | Win32/Virus.Adware.7a9 | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.TitaniumGreatMinds.T | 14.11.29.20

File size:
542.4 KB (555,432 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\iwebar\iwebar-buttonutil64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 4:00:00 AM

Valid to:
10/21/2015 3:59:59 AM

Subject:
CN=Titanium Great Minds, O=Titanium Great Minds, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009396D2C159BC1B1261C6A397A6168FA6

File PE Metadata
Compilation timestamp:
11/23/2014 11:33:08 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ix6Q0ul62SjCIS3Nk7RAf9DibVjTZIJ5iUC:iIil7S9S3TubVT8Y9

Entry address:
0x370AC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 9F, A5, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 80, 7C, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2801

Code size:
360 KB (368,640 bytes)
