thegophoto.it v10-buttonutil64.dll

Nickel Cycle Combo

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The module thegophoto.it v10-buttonutil64.dll by Nickel Cycle Combo has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Nickel Cycle Combo  (signed and verified)

MD5:
4416022ccbf31c5014d255e1462f2781

SHA-1:
5804cd751083bbf4f210a2dfc44022e0e552e80f

SHA-256:
63f8225c547a1fdfc0237a96e27831bbcd4fa1a4e4ca0cf42f1b6dad57faafd8

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Nickel Cycle Combo.

Analysis date:
11/2/2024 1:39:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
16.12.19.22

File size:
408.4 KB (418,208 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\thegophoto.it v10\thegophoto.it v10-buttonutil64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/28/2014 5:00:00 AM

Valid to:
8/29/2015 4:59:59 AM

Subject:
CN=Nickel Cycle Combo, O=Nickel Cycle Combo, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E88B19F4C25DE21197EE9D01573D202A

File PE Metadata
Compilation timestamp:
10/12/2014 12:47:17 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x2A35C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, A7, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 10, 6A, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.1990

Code size:
264 KB (270,336 bytes)
