» radio canyon-buttonutil64.exe
Overview
Analysis
File Details
Programs (1)

radio canyon-buttonutil64.exe

Porter Studio Plus

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application radio canyon-buttonutil64.exe by Porter Studio Plus has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd. which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Radio Canyon (signed by Porter Studio Plus)

Product:

Radio Canyon

Description:

Radio Canyon exe

Version:

1000.1000.1000.1000

MD5:

c5ddb00bc5022a331ed5c7b3b4503e39

SHA-1:

5fe50fc2bf573918cefb76b69c13d2ac47dc03dd

SHA-256:

aa6abdcf0529da6ad7729add5cb1985a40818425a8dcc00364e7a6b3853270e5

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Porter Studio Plus.

Analysis date:

4/25/2024 6:36:36 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen

7.11.182.50

avast!

Win64:Malware-gen

2014.9-141128

AVG

Generic

2015.0.3277

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141128

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

Kaspersky

Trojan.NSIS.GoogUpdate

15.0.0.543

Malwarebytes

PUP.Optional.RadioCanyon.A

v2014.11.28.02

McAfee

Artemis!DB623086EB1A

5600.6933

Reason Heuristics

PUP.Crossrider.PorterStudioPlus.Z

14.11.28.2

VIPRE Antivirus

Crossrider

34356

File size:

387.4 KB (396,704 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Radio Canyon.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\radio canyon\radio canyon-buttonutil64.exe

Digital Signature

Signed by:

Porter Studio Plus

Authority:

COMODO CA Limited

Valid from:

10/20/2014 6:00:00 AM

Valid to:

10/21/2015 5:59:59 AM

Subject:

CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata

Compilation timestamp:

10/29/2014 2:34:06 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:ywv7Hqw3HMUwOb1jh6zgIublwnT4uZM2B50NI3NcNow:yikEX6el7mBqPZ

Entry address:

0x25A58

Entry point:

48, 83, EC, 28, E8, 3F, A5, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 90, 20, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, CB, A4, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 67, A5, FD, FF, 66, 39, 05, 60, A5, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 8F, A5, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Entropy:

6.0687

Code size:

249 KB (254,976 bytes)

The file radio canyon-buttonutil64.exe has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.

Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

88% remove it

Remove radio canyon-buttonutil64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.