button64.exe

Cloud Installer

The application button64.exe by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

Version:
1, 9, 0, 1

MD5:
b471aa669ef394e8467d364feff41825

SHA-1:
0257b91f6f4f9319ea2f90df26e1c49df06f8e11

SHA-256:
07ce68ebe3e72592a2f73cbd24267ecf33908b7d5e6c2f000094da8542d0217b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:39:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.11.24.18

File size:
83.8 KB (85,760 bytes)

Product version:
1, 9, 0, 1

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\browserextensions\button64.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2016 6:56:38 AM

Valid to:
3/8/2017 9:16:38 AM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B90F0254308FAC21

File PE Metadata
Compilation timestamp:
11/21/2016 9:03:26 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
1536:IFXWlXIv8YGzvQRYHqfxzYGnm7caIEFRo4yrgD/tNVtpr/O12/h:IApIv8hzvCYK50aEZyrgrt1pr/B

Entry address:
0x3F88

Entry point:
48, 83, EC, 28, E8, 03, 2D, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, 48, 89, 0D, 6D, 08, 01, 00, C3, 40, 53, 48, 81, EC, E0, 05, 00, 00, 83, 64, 24, 70, 00, 48, 8D, 4C, 24, 74, 33, D2, 41, B8, 94, 00, 00, 00, E8, CC, 02, 00, 00, 4C, 8D, 5C, 24, 70, 48, 8D, 84, 24, 10, 01, 00, 00, 48, 8D, 8C, 24, 10, 01, 00, 00, 4C, 89, 5C, 24, 48, 48, 89, 44, 24, 50, FF, 15, 7F, A1, 00, 00, 48, 8B, 9C, 24, 08, 02, 00, 00, 48, 8D, 54, 24, 40, 48, 8B, CB, 45, 33, C0, E8, E1, 8C, 00, 00, 48, 85, C0, 74, 3B, 48, 83...
 

Entropy:
6.0286

Code size:
50 KB (51,200 bytes)

The file button64.exe has been discovered within the following program.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it
 