» power app-buttonutil64.exe
Overview
Analysis
File Details
Programs (1)

power app-buttonutil64.exe

power app

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application power app-buttonutil64.exe by Naruto Source has been detected as adware by 27 anti-malware scanners. This file is typically installed with the program power app by Naruto Source which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by Naruto Source)

Product:

power app

Description:

power app exe

Version:

1000.1000.1000.1000

MD5:

6bd7ead600c6fd20b69d80371717f01b

SHA-1:

df6fc11785f9c23de92d85082c96073c23176750

SHA-256:

cd635e3bd41078196510414c59a8f12da2622c277efa5607756be02e8dc3d6de

Scanner detections:

27 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:

4/18/2024 11:23:45 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.954708

796

Agnitum Outpost

PUA.Toolbar.Crossrider

7.1.1

Avira AntiVirus

Adware/CrossRider.pq

7.11.172.102

avast!

Win64:Adware-gen [Adw]

2014.9-141130

AVG

Generic

2015.0.3346

Baidu Antivirus

PUA.Win64.Crossrider

4.0.3.141130

Bitdefender

Adware.Generic.954708

1.0.20.1670

Comodo Security

ApplicUnwnt

19197

Dr.Web

Adware.Siggen.31030

9.0.1.0334

Emsisoft Anti-Malware

Adware.Generic.954708

8.14.11.30.03

ESET NOD32

Win64/Toolbar.Crossrider (variant)

8.10421

Fortinet FortiGate

Adware/Toolbar_CrossRider

11/30/2014

F-Secure

Adware.Generic.954708

11.2014-30-11_1

G Data

Win64.Trojan.Agent.Q71H0D

14.11.24

herdProtect (fuzzy)

variant of object browser-buttonutil64.exe (Adware)

2014.11.30.20

IKARUS anti.virus

AdWare.Adload

t3scan.1.7.8.0

K7 AntiVirus

Trojan

13.180.12498

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3225

Malwarebytes

PUP.Optional.HDVid.A

v2014.09.20.01

McAfee

Artemis!A0DAF8A30E00

5600.6930

MicroWorld eScan

Adware.Generic.954708

15.0.0.1002

Panda Antivirus

Trj/Chgt.F

14.11.30.03

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

Reason Heuristics

PUP.Crossrider.NarutoSource.W

14.9.19.21

Trend Micro House Call

Suspicious_GEN.F47V0728

7.2.334

Trend Micro

TROJ_GEN.R0C1C0OFH14

10.465.30

VIPRE Antivirus

Crossrider

33144

File size:

382.9 KB (392,040 bytes)

Product version:

1000.1000.1000.1000

Original file name:

power app.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\power app\power app-buttonutil64.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/27/2014 8:00:00 PM

Valid to:

7/28/2015 7:59:59 PM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

9/13/2014 6:02:46 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:6ZFwow8/TAxvTEg2yBwLkTDe8MFKTGXVeMOAVtzvVehs8:rvTbBwLx8MTlPzvq

Entry address:

0x23F48

Entry point:

48, 83, EC, 28, E8, AF, A7, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 90, 20, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 3B, A7, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 77, C0, FD, FF, 66, 39, 05, 70, C0, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 9F, C0, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Entropy:

6.0626

Code size:

244.5 KB (250,368 bytes)

The file power app-buttonutil64.exe has been discovered within the following program.

power app by Naruto Source

power app is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.

crossrider.com/install/63439-power-app

79% remove it

Remove power app-buttonutil64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.