» 2435.exe
Overview
Analysis
File Details
Behaviors (1)

2435.exe

You Two Lab (Extreme White Limited)

The application 2435.exe by You Two Lab (Extreme White Limited) has been detected as a potentially unwanted program by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

2435.exe

Publisher:

You Two Lab (Extreme White Limited) (signed and verified)

Version:

106.0.0.0

MD5:

b9f9d834e594a0c06f117270c19e49ef

SHA-1:

3117451651836b2a1acbb7b048aa40de1136f58e

SHA-256:

e9913940b83e8f375918f1a609c6a6d6fa79a22862578b4138b739ed9ad95bc5

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

5/17/2024 12:36:23 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.CrossRider

7.1.1

AVG

Win32/DH{gRJlfRMDICIlV04}

2016.0.3038

Bkav FE

W32.HfsAdware

1.3.0.6979

Dr.Web

Trojan.Crossrider1.43107

9.0.1.0205

ESET NOD32

Win32/Toolbar.CrossRider.CT potentially unwanted (variant)

9.11938

herdProtect (fuzzy)

variant of 1695.exe

2015.8.26.7

K7 AntiVirus

Unwanted-Program

13.207.16676

Kaspersky

HEUR:Trojan-Downloader.Win32.Generic

14.0.0.1685

Malwarebytes

PUP.Optional.Crossbrowse.C

v2015.07.24.10

NANO AntiVirus

Trojan.Win32.Crossrider1.ductxr

0.30.24.2668

Reason Heuristics

PUP.ExtremeWhite.Bundler.Meta (M)

15.7.24.22

Sophos

AppRider

4.98

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

VIPRE Antivirus

Crossrider

41998

Zillya! Antivirus

Adware.CrossRider.Win32.14138

2.0.0.2314

File size:

1.9 MB (1,979,976 bytes)

Product version:

106.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\2435.exe

Digital Signature

Signed by:

You Two Lab (Extreme White Limited)

Authority:

COMODO CA Limited

Valid from:

4/14/2015 5:00:00 PM

Valid to:

4/14/2016 4:59:59 PM

Subject:

CN=You Two Lab (Extreme White Limited), O=You Two Lab (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00DA184DA11A5376568B6099B7928BCCBB

File PE Metadata

Compilation timestamp:

7/14/2015 3:08:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:FUg0aCJdW03Ai7vAV3ejTpixTlpS6xi7KEWmrEbs14W:mg1CWwAi743assH

Entry address:

0x12D09E

Entry point:

E8, 58, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, DE, 5C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 1E, 5C, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, DE, 5C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01... 
[+]

Entropy:

6.6524

Code size:

1.4 MB (1,418,240 bytes)

Scheduled Task

Task name:

E406D727-6AAE-49FB-BCF3-23ACF89EEC2

Trigger:

Logon (Runs on logon)

Remove 2435.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.