» lyricssay-15-buttonutil.dll
Overview
Analysis
File Details
Programs (1)

lyricssay-15-buttonutil.dll

The module lyricssay-15-buttonutil.dll has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program LyricsSay-15 by Showpass which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon.

File name:

MD5:

3f33c9fc028bc688571532f666476a3a

SHA-1:

3f83bd1637f2333336705fd37011279cbba86b30

SHA-256:

afb0fd2f42cb76e4c412b001266edd452ce3540b31f122fab167ce6632fb1d0c

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

5/6/2024 10:42:23 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.1446

Bkav FE

W32.Clode47.Trojan

1.3.0.4959

ESET NOD32

Win32/Toolbar.CrossRider (variant)

8.9526

K7 AntiVirus

Trojan

13.176.11392

Malwarebytes

PUP.Optional.Crossrider

v2014.04.06.12

Reason Heuristics

PUP.Crossrider.X

14.4.6.12

VIPRE Antivirus

Crossrider

27280

File size:

391.5 KB (400,896 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\lyricssay-15\lyricssay-15-buttonutil.dll

File PE Metadata

Compilation timestamp:

8/12/2013 2:44:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:w5kFD6YnTrIQkK+5g8aWuvyLOFjeCTAW4uCh+/ne1/:t6YnFsgg32jlTAW4Fc/e1/

Entry address:

0x30AEB

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AE, 9D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, A0, D1, 05, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 85, 73, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24... 
[+]

Entropy:

6.6822

Code size:

292 KB (299,008 bytes)

The file lyricssay-15-buttonutil.dll has been discovered within the following program.

LyricsSay-15 by Showpass

LyricsSay is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

77% remove it

Remove lyricssay-15-buttonutil.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.