buttonwrap64.dll

Cloud Installer

The module buttonwrap64.dll by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

Version:
1, 9, 0, 1

MD5:
e95b6a2d424c28c99ce08ac28a3ce812

SHA-1:
de221922cc06505206e1d06b100d25289fc4a6dc

SHA-256:
183690468c8b53a2abf8e7f376f84a680c07c7813dccb48eaeb8e8049e39ebfa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:50:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.11.24.18

File size:
199.8 KB (204,544 bytes)

Product version:
1, 9, 0, 1

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\browserextensions\buttonwrap64.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2016 6:56:38 AM

Valid to:
3/8/2017 9:16:38 AM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B90F0254308FAC21

File PE Metadata
Compilation timestamp:
11/21/2016 9:03:39 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:bGtGbHnFL9nltb8bBfNu0l87N/BGBZcRoAwjfpuC+uJQHP:bfRHbgfN5kz2OoPIXP

Entry address:
0xB6BC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, D3, 2F, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 54, 48, 83, EC, 20, 49, 8B, 59, 38, 48, 8B, F2, 4D, 8B, E0, 48, 8B, E9, 4C, 8D, 43, 04, 49, 8B, D1, 48, 8B, CE, 49, 8B, F9, E8, DC, 0F, 00, 00, 44, 8B, 5B, 04, 44, 8B, 55, 04...

Entropy:
5.5657

Code size:
95.5 KB (97,792 bytes)

The file buttonwrap64.dll has been discovered within the following program.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it