» button.exe
Overview
Analysis
File Details
Programs (1)

button.exe

Cloud Installer

The application button.exe by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc. which is a potentially unwanted software program.

File name:

button.exe

Publisher:

Cloud Installer (signed and verified)

Version:

1, 9, 0, 1

MD5:

7292784a5776684cb07301d85853f485

SHA-1:

1d7e1433bcea209a1c0ae2b1bfde5d98a207b71a

SHA-256:

182f249d5828a03945a164ce1432a137a2eed76353b005d3092ec246355b8222

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/28/2024 2:55:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softpulse (M)

16.11.24.18

File size:

73.8 KB (75,520 bytes)

Product version:

1, 9, 0, 1

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\browserextensions\button.exe

Digital Signature

Signed by:

Cloud Installer

Authority:

GoDaddy.com, Inc.

Valid from:

10/15/2016 6:56:38 AM

Valid to:

3/8/2017 9:16:38 AM

Subject:

CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

00B90F0254308FAC21

File PE Metadata

Compilation timestamp:

11/21/2016 9:02:11 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

768:S5/+K4OEEGfoZTX5lFJX6LBQoP/mzxxWNJESkPPxb6cMH63S+VdIPNwxNG/vs:lLOYoF5/JKLek/mOkPJJMx+VYAsvs

Entry address:

0x35C5

Entry point:

E8, 90, 2B, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, FC, 21, 41, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 50, 10, 41, 00, 33, C5, 89, 45, FC, 83, A5, D8, FC, FF, FF, 00, 53, 6A, 4C, 8D, 85, DC, FC, FF, FF, 6A, 00, 50, E8, F5, 02, 00, 00, 8D, 85, D8, FC, FF, FF, 89, 85, 28, FD, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, 2C, FD, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89... 
[+]

Entropy:

6.2613

Code size:

45 KB (46,080 bytes)

The file button.exe has been discovered within the following program.

Browser Extensions by Spigot, Inc.

Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”

www.spigot.com

66% remove it

Remove button.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.