radio canyon-buttonutil.dll

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module radio canyon-buttonutil.dll by Porter Studio Plus has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Porter Studio Plus  (signed and verified)

MD5:
ca1f2c0d3e7421f2050cebc698325af7

SHA-1:
a845aca8dec83608d7dabb1ac4d67303d708abed

SHA-256:
fd3e5415108f3801751155809acf7371a6a0c1ce21b7f03d3aa3fb37b839bea0

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:
4/19/2024 4:24:35 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.10.31
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.182.124
avast! | Win32:Crossrider-DZ [PUP] | 2014.9-150712
AVG | Generic | 2015.0.3305
Dr.Web | DLOADER.Trojan | 9.0.1.0303
ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 8.10646
F-Prot | W32/S-89e9aa96 | v6.4.7.1.166
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.1750
Malwarebytes |  | v2015.07.12.01
Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.PorterStudioPlus.X | 14.11.3.21
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141028
Sophos | PUA 'AppRider' (of type Adware) | 5.15
VIPRE Antivirus | Threat.4150696 | 40786

File size:
379.4 KB (388,512 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\radio canyon\radio canyon-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 2:00:00 AM

Valid to:
10/21/2015 1:59:59 AM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
10/22/2014 9:35:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:XQszkkCg+i3/1iWjo1oOp6TBg2yDlhbffoP:X2kCg++To1Pp6TS2aLoP

Entry address:
0x26CF3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 30, B5, 04, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 31, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 00, 49, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3125

Developed / compiled with:
Microsoft Visual C++

Code size:
251.5 KB (257,536 bytes)

The file radio canyon-buttonutil.dll has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.
88% remove it
 