» thetorntv v10-buttonutil64.dll
Overview
Analysis
File Details

thetorntv v10-buttonutil64.dll

King Gainer Lab

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module thetorntv v10-buttonutil64.dll by King Gainer Lab has been detected as adware by 8 anti-malware scanners. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

King Gainer Lab (signed and verified)

MD5:

18e7707835ef044c9a07d9af4d86a604

SHA-1:

d4cabbc1b58355ac60a8a0b8ed04da18a3808591

SHA-256:

6c17b69fd43394d687fd00b7b69f09187d5f3aded8587462a34385dbdd45b7c2

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is King Gainer Lab.

Analysis date:

5/23/2024 9:51:25 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pq

7.11.173.134

AVG

Generic

2015.0.3335

herdProtect (fuzzy)

variant of senses-buttonutil64.dll (Adware)

2014.12.3.11

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3172

Panda Antivirus

Trj/Chgt.G

14.09.30.04

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

Reason Heuristics

PUP.Crossrider.KingGainerLab.AA

14.9.22.1

VIPRE Antivirus

Threat.4789396

36694

File size:

477.9 KB (489,368 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\thetorntv v10\thetorntv v10-buttonutil64.dll

Digital Signature

Signed by:

King Gainer Lab

Authority:

COMODO CA Limited

Valid from:

8/18/2014 6:00:00 PM

Valid to:

8/19/2015 5:59:59 PM

Subject:

CN=King Gainer Lab, O=King Gainer Lab, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

10B5049C2559348D7A87203A148C790A

File PE Metadata

Compilation timestamp:

9/18/2014 4:02:52 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:TtCnIJPTAnKCpwLJN350WKM99eW6/giyCVpuKF33MxGRhOwTW/3jPMRSOTB/zxVQ:6iE3dh8QhI/TPMMOTZzx9YbP

Entry address:

0x2F18C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, E0, 0B, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

6.2451

Code size:

317 KB (324,608 bytes)

Remove thetorntv v10-buttonutil64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.