» radio canyon-buttonutil64.dll
Overview
Analysis
File Details
Programs (1)

radio canyon-buttonutil64.dll

Porter Studio Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module radio canyon-buttonutil64.dll by Porter Studio Plus has been detected as adware by 4 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Porter Studio Plus (signed and verified)

MD5:

50db80d93644f5d42eae0d8b0483f8d6

SHA-1:

358c7e0f1b4aefd953edc4b4d4a9ea18c4184997

SHA-256:

561200d10b7eab6d8ade61b5793286d4fe1d2d1b5d1e9cff201874d49e54d963

Scanner detections:

4 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:

4/26/2024 9:06:45 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.182.78

AVG

Generic

2015.0.3306

ESET NOD32

Win32/Toolbar.CrossRider.BM (variant)

8.10644

Reason Heuristics

PUP.Crossrider.PorterStudioPlus.Z

14.11.3.21

File size:

447.4 KB (458,144 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\radio canyon\radio canyon-buttonutil64.dll

Digital Signature

Signed by:

Porter Studio Plus

Authority:

COMODO CA Limited

Valid from:

10/20/2014 2:00:00 AM

Valid to:

10/21/2015 1:59:59 AM

Subject:

CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata

Compilation timestamp:

10/29/2014 9:34:14 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:/FxBRvS/dImoWsFPOEZCc5U0d4xW4hlysSRiGfK3BJTNqE1MTKFhQU2OkCpTBRSO:/5kc4WuB1RbPZFeU1tpTf7wIgW

Entry address:

0x2D65C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, A7, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 10, C7, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Code size:

294 KB (301,056 bytes)

The file radio canyon-buttonutil64.dll has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove radio canyon-buttonutil64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.