thehdvid-codec v10-buttonutil.dll

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats, such as banner, text hyperlink, inline text and transitional ads. The module thehdvid-codec v10-buttonutil.dll by Sailor Project has been detected as adware by 12 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Sailor Project  (signed and verified)

MD5:
8c6e65ca4ea7bd1a178d716f1cc46cba

SHA-1:
a5af507c0ee56de5ae9048fadd7b74e64cc358ac

SHA-256:
f52df4d51ecc439af735de2f8d4ea73377e416cf7bef6f15693923adf9bf1f9f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
4/25/2024 6:41:34 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.166.78 |
| AVG | Generic | 2015.0.3396 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.14910 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AA potentially unwanted application | 8.7.0.302.0 |
| herdProtect (fuzzy) | | 2014.9.10.20 |
| IKARUS anti.virus | not-a-virus:WebToolbar.CroRi | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 14.0.0.3272 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.31.06 |
| Reason Heuristics | PUP.Crossrider.SailorProject.DD | 14.7.31.17 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14729 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 31208 |

File size:
412.4 KB (422,248 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\thehdvid-codec v10\thehdvid-codec v10-buttonutil.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/24/2014 11:03:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ZxzGR5sNN9LcOfsynlPuu/q4dw5Bd9E2D9EKsAin/p19KCX2TB01XfixHkour:Z9GR+NjJT/Qd9Eqi/p1H2T216/ur

Entry address:
0x2A863

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 9C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E8, 2B, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 88, B1, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 00, BF, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3470

Developed / compiled with:
Microsoft Visual C++

Code size:
279.5 KB (286,208 bytes)
