» radio canyon-buttonutil.dll
Overview
Analysis
File Details
Programs (1)

radio canyon-buttonutil.dll

Crossrider Advanced Technologies

Part of the Crossrider framework, a web browser extension that will deliver advertisements such as coupons, price-comparisons, display media, affiliate links, banners, popups/popunders and other links. The module radio canyon-buttonutil.dll by Crossrider Advanced Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon.

File name:

Publisher:

Crossrider Advanced Technologies (signed and verified)

MD5:

1c88306cf59027e7d751eb8722cf776e

SHA-1:

de6bf6469afa7e3ce93a621d4720de8c88b0dc98

SHA-256:

a32a366024b9b923b594d82fd1ed9cf13ea4d542d120f1bc7e7272eff3e6e8ac

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Crossrider Advanced Technologies.

Analysis date:

4/20/2024 12:12:35 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Crossrider.CrossriderAdvancedTechnologies (M)

16.2.4.7

File size:

433.2 KB (443,608 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\radio canyon\radio canyon-buttonutil.dll

Digital Signature

Signed by:

Crossrider Advanced Technologies

Authority:

COMODO CA Limited

Valid from:

9/24/2012 3:00:00 AM

Valid to:

9/25/2015 2:59:59 AM

Subject:

CN=Crossrider Advanced Technologies, O=Crossrider Advanced Technologies, STREET=40 Lilienblum St, L=Tel-Aviv, S=Israel, PostalCode=65133, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B9966EA31AF5750F30968D041D15669B

File PE Metadata

Compilation timestamp:

11/4/2014 11:37:30 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:fgFifkqJyYwrtMQOndsir+2ozt8qdjSnZ36STBvdrY37x3Tt:f6qJyYw1Od7i2UJE6SThdrUF3Tt

Entry address:

0x2BC33

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 08, 71, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, F1, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 60, 04, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3888

Developed / compiled with:

Microsoft Visual C++

Code size:

295 KB (302,080 bytes)

The file radio canyon-buttonutil.dll has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove radio canyon-buttonutil.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.