buttonutil.dll

Cloud Power LLC

The module buttonutil.dll by Cloud Power has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program AutoComplete+ Personal by Cloud Power LLC which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Cloud Power LLC  (signed and verified)

MD5:
1354f2f10ecbace94f060a3301dffc5a

SHA-1:
c6cda22abab6c92cf4b679fb5b70d04a6ae6a628

SHA-256:
d3675c4398f023777ddb361cf1a1e951422c33d39604755953de7612a369e871

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/23/2024 7:43:40 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.Toolbar
4.0.3.14929

Bkav FE
W32.Clod15b.Trojan
1.3.0.4562

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.9084

K7 AntiVirus
Trojan
13.174.10286

McAfee
Artemis!E87F7D42DA97
5600.6993

Reason Heuristics
PUP.CloudPower.K
14.9.11.21

Trend Micro House Call
TROJ_GEN.R0C9H01H113
7.2.272

VIPRE Antivirus
Crossrider
23628

File size:
238 KB (243,712 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\autocomplete+ personal\buttonutil.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
5/29/2012 2:00:00 AM

Valid to:
5/30/2015 1:59:59 AM

Subject:
CN=Cloud Power LLC, O=Cloud Power LLC, STREET=5375 Beechwood Ln, L=Los Altos, S=CA, PostalCode=94024, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
444FE815BC180B87BEEC9346E8588153

File PE Metadata
Compilation timestamp:
2/11/2013 3:08:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:RJVrno90DDvPuUFp7VfeNl3QQFA/Lp4vzOmkW3ftP:jZno9uDvP1doQQFA/Lp4vyxWft

Entry address:
0x1B5A2

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AC, 64, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 70, 64, 03, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, BE, E0, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, AE, E0, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85...
 
[+]

Code size:
172.5 KB (176,640 bytes)

The file buttonutil.dll has been discovered within the following program.

AutoComplete+ Personal  by Cloud Power LLC
AutoComplete+ Personal is a web browser extension that will also co-bundle various potentially unwanted programs during installation. The plugin for Internet Explorer, Firefox and Chrome will modify the user's search provider. It uses the CrossRider toolbar platform.
www.autocompleteplus.com
74% remove it
 
Powered by Should I Remove It?

Remove buttonutil.dll - Powered by Reason Core Security