home

buttonwrap.dll

Cloud Installer

The module buttonwrap.dll by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc. which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

Version:
1, 9, 0, 1

MD5:
1bdfceb6929fb01c5c5879b885395049

SHA-1:
e18cd45c86aa35b64701dcd4cc5cf4e013a7df83

SHA-256:
778acd85afce2c161d517fca1de3a019a99bc1a4befac3e513ad27dd5b56f887

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:30:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Softpulse (M)
16.11.24.18

File size:
171.8 KB (175,872 bytes)

Product version:
1, 9, 0, 1

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\browserextensions\buttonwrap.dll

Digital Signature
Signed by:
Cloud Installer

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2016 6:56:38 AM

Valid to:
3/8/2017 9:16:38 AM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B90F0254308FAC21

File PE Metadata
Compilation timestamp:
11/21/2016 9:02:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:AjszzzOQ2fMXNegBhQNvGQktvVr6hW+swQHwG:vzzilMXNINvLktdAUbF

Entry address:
0x8EBC

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 8B, 2A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 60, CD, 01, 10, 00, 74, 05, E9, 38, 2B, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9...
 
[+]

Entropy:
5.6781

Code size:
80 KB (81,920 bytes)

The file buttonwrap.dll has been discovered within the following program.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it
 
Powered by Should I Remove It?

Remove buttonwrap.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.