wifi protector bi-buttonutil64.dll

Krance Development

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module wifi protector bi-buttonutil64.dll by Krance Development has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Krance Development  (signed and verified)

MD5:
fd9d0c3a283e801c1c1c9e9b233705c9

SHA-1:
6d229dd7f9585820bd11d7e7796706b904108367

SHA-256:
1bb52421380f59ab82e7b439e8b3d1c4dddc681b7afffe528951b262e5d1e0dc

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Krance Development.

Analysis date:
12/24/2024 4:40:26 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider (M)
17.3.5.9

File size:
513.4 KB (525,728 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\wifi protector bi\wifi protector bi-buttonutil64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2014 9:00:00 PM

Valid to:
8/28/2015 8:59:59 PM

Subject:
CN=Krance Development, O=Krance Development, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2F8A4746EB05936853BC17805C72D300

File PE Metadata
Compilation timestamp:
9/28/2014 4:34:19 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x32D2C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 40, 50, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 
[+]

Code size:
345 KB (353,280 bytes)

Remove wifi protector bi-buttonutil64.dll - Powered by Reason Core Security