home

thetorntv v10-buttonutil.dll

Pess Kess Games

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module thetorntv v10-buttonutil.dll by Pess Kess Games has been detected as adware by 22 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Pess Kess Games  (signed and verified)

MD5:
0affb5f20b16286d4abb3aa53d5d58e2

SHA-1:
4ad04b7fb972a865a597a6a9ec060f34412fd08a

SHA-256:
b97a118565c14084e1964d57b8865b0fd3a384fcd698426cee275cb4670e2b3e

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Pess Kess Games.

Analysis date:
4/27/2024 12:03:32 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.CrossRider
2014.10.31

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.182.78

AVG
Generic
2015.0.3306

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15324

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
DLOADER.Trojan
9.0.1.0303

ESET NOD32
Win32/Toolbar.CrossRider.BD (variant)
8.10644

Fortinet FortiGate
Riskware/CrossRider
3/24/2015

F-Prot
W32/S-89e9aa96
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.201.15291

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.2300

NANO AntiVirus
Trojan.Win32.CrossRider.disuyf
0.30.8.659

nProtect
Trojan/W32.Agent.413600
15.03.17.01

Panda Antivirus
Trj/Genetic.gen
15.03.24.01

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.BrightCircle.OD6
3.15.14.00

Reason Heuristics
PUP.Crossrider.PessKessGames.Y
14.10.27.11

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.141028

Sophos
AppRider
4.98

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
38516

Zillya! Antivirus
Adware.Adwapper.Win32.965
2.0.0.2104

File size:
403.9 KB (413,592 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\thetorntv v10\thetorntv v10-buttonutil.dll

Digital Signature
Signed by:
Pess Kess Games

Authority:
COMODO CA Limited

Valid from:
8/28/2014 8:00:00 AM

Valid to:
8/29/2015 7:59:59 AM

Subject:
CN=Pess Kess Games, O=Pess Kess Games, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00985357810266ED5784B0A15904D65082

File PE Metadata
Compilation timestamp:
10/26/2014 4:34:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:UGfWAofLy5rm8S/ywJQzNVbhn3eWwTIaTB9j4qehhIM/+C:UGMfG89WzNVh3eWnaTzj4dD/+C

Entry address:
0x29903

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 01, 9A, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E8, 19, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 28, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 80, AD, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3537

Developed / compiled with:
Microsoft Visual C++

Code size:
272.5 KB (279,040 bytes)

Remove thetorntv v10-buttonutil.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.