thegophoto.it v10-buttonutil.dll

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The module thegophoto.it v10-buttonutil.dll by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 27 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as on the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
8b0a2f5a8d4217a53f7cc70d33e36e36

SHA-1:
20f90bb62514c55aff62c90e901301d4f9e2fbf2

SHA-256:
3195f3a33c2d724cbf1ecc5dec4278f5e4d42209f8aca8fb7eee72388584ace0

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is BadFinger Project (BrightCircle Investments Limited).

Analysis date:
4/18/2024 6:47:19 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.vy5@mG@2ECci | 735
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.12.28
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.198.40
AVG | Generic | 2016.0.3213
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15131
Bitdefender | Gen:Application.Heur.vy5@mG@2ECci | 1.0.20.155
Dr.Web | DLOADER.Trojan | 9.0.1.031
ESET NOD32 | Win32/Toolbar.CrossRider.BD (variant) | 9.10932
Fortinet FortiGate | Adware/Adwapper | 1/31/2015
F-Secure | Gen:Application.Heur.vy5@mG@2ECci | 11.2015-31-01_7
G Data | Gen:Application.Heur.vy5@mG@2ECci | 15.1.24
K7 AntiVirus | Unwanted-Program | 13.188.14468
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2559
McAfee | Artemis!8B0A2F5A8D42 | 5600.6869
MicroWorld eScan | Gen:Application.Heur.vy5@mG@2ECci | 16.0.0.93
NANO AntiVirus | Riskware.Win32.CrossRider.dkpzob | 0.30.0.64448
Panda Antivirus | Trj/Genetic.gen | 15.01.31.07
Qihoo 360 Security | Win32/Application.0f7 | 1.0.0.1015
Quick Heal | AdWare.NSIS.r6 (Not a Virus) | 1.15.14.00
Reason Heuristics | PUP.Crossrider.Brightcircle | 15.1.31.7
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15129
Sophos | AppRider | 4.98
Trend Micro House Call | TROJ_GEN.F0C2C00LG14 | 7.2.31
Trend Micro | TROJ_GEN.F0C2C00LG14 | 10.465.31
Vba32 AntiVirus | AdWare.Adwapper | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 36120

File size:
347.5 KB (355,808 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\thegophoto.it v10\thegophoto.it v10-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 2:00:00 AM

Valid to:
11/18/2015 1:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/4/2014 1:04:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Ql+oN/hUOEWR1EgF7Zsf9iwWnqFWgbcpGfiA3j4BFK1DM6m+JraWTBfAlS+fBZLc:Ql+KULcSWqFfwXAL1LGWTBp4rReWKT

Entry address:
0x1F563

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 51, 98, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 80, 4A, 04, 10, E8, CE, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 08, C1, 04, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, DE, 03, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Entropy:
6.3574

Developed / compiled with:
Microsoft Visual C++

Code size:
220.5 KB (225,792 bytes)

Remove thegophoto.it v10-buttonutil.dll - Powered by Reason Core Security