weather it up-buttonutil.dll

The module weather it up-buttonutil.dll has been detected as adware by 14 anti-malware scanners. This file is typically installed with the program Weather It Up by Phoenix Media, which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the addon.
MD5:
4926bbc56b60bb7e43dd4476da2d948b

SHA-1:
86c427e644217899e00a093776c06713e9192a93

SHA-256:
7320ea82347db59143c01c7cbe41b1a30c2258c74487bbcb1c3505e91d219916

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 5:24:21 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.AdLoad
7.1.1

Avira AntiVirus
Adware/CrossRider.A.5957
7.11.153.56

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.1465

Dr.Web
DLOADER.Trojan
9.0.1.0156

ESET NOD32
Win32/Toolbar.CrossRider.AA potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Toolbar_CrossRider
6/5/2014

IKARUS anti.virus
AdWare.Adload
t3scan.1.6.1.0

Kaspersky
not-a-virus:AdWare.Win32.AdLoad
14.0.0.3495

NANO AntiVirus
Riskware.Win32.AdLoad.dbbpmm
0.28.2.60990

Panda Antivirus
Trj/Chgt.A
14.07.28.01

Reason Heuristics
PUP.Crossrider.Y
14.6.5.7

Sophos
AppRider
4.98

Vba32 AntiVirus
AdWare.AdLoad
3.12.26.3

VIPRE Antivirus
Threat.4789396
29800

File size:
379 KB (388,096 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\weather it up\weather it up-buttonutil.dll

File PE Metadata
Compilation timestamp:
5/27/2014 12:12:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Y6IfPg+N5mU5y0ciMtwiJ/S09M6TBFQvux4tki59i5:AXgWfXiwiIuM6Tsvu+u5

Entry address:
0x26263

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 21, 89, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D8, C6, 04, 10, E8, EE, 24, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, B8, 3F, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C0, 4B, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Code size:
254 KB (260,096 bytes)

The file weather it up-buttonutil.dll has been discovered within the following program.

Weather It Up  by Phoenix Media
Displays advertising within the user's web browser on web pages where advertising would not normally appear. May be distributed through OpenCandy.
82% remove it
 
Powered by Should I Remove It?