thehdvid-codec v10-buttonutil64.dll

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module thehdvid-codec v10-buttonutil64.dll by Naruto Source has been detected as adware by 11 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Naruto Source  (signed and verified)

MD5:
56837afb8c72cc23c5063c6dda86791c

SHA-1:
e7e1444356af4f07c348566f9ebe3dea5e13bb47

SHA-256:
443107ac068df0b5263d87b339f40acd7394c2bdf29b5e489c4aeb6fb8aa378d

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:
5/6/2024 4:45:52 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/CrossRider.pq | 7.11.172.136 |
| AVG | Generic | 2015.0.3346 |
| ESET NOD32 | Win64/Toolbar.Crossrider (variant) | 8.10422 |
| Fortinet FortiGate | Adware/Adwapper | 10/3/2014 |
| IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.7.8.0 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.3223 |
| McAfee | Artemis!396381B06459 | 5600.7002 |
| Panda Antivirus | Trj/Chgt.F | 14.09.20.11 |
| Qihoo 360 Security | Win32/Virus.Adware.970 | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.NarutoSource.FF | 14.9.20.11 |

File size:
464.9 KB (476,008 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\thehdvid-codec v10\thehdvid-codec v10-buttonutil64.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 2:00:00 AM

Valid to:
7/29/2015 1:59:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
9/14/2014 12:02:44 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:UMP+n7K/Te19DS+yACUVLj0bFM0kJqK7bSoPaulJwTssJ/kMnyGijPpTBzGEvt8N:5lL+rLpNZXvlPstznyhpTtGERC

Entry address:
0x2D57C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, F0, F7, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Code size:
306.5 KB (313,856 bytes)
