{264f4c82-d501-6b0b-ef49-75eab333d057}-u.exe

The application {264f4c82-d501-6b0b-ef49-75eab333d057}-u.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
MD5:
f06defd641c2906747c8650acf4e15d4

SHA-1:
30d195929136ba556a4b93f611c6e6d79a639133

SHA-256:
5e3dc90865d2d6bbe2d831a92ce3ce3daf5447b5644ae72c8996e5152fca5fc5

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 2:18:39 PM UTC

Scan engine            Detection                             Engine version
Lavasoft Ad-Aware      Adware.Agent.NTQ                      5857434
Avira AntiVirus        ADWARE/Adware.Gen7                    7.11.189.82
AVG                    Generic5                              2015.0.3277
Bitdefender            Adware.Agent.NTQ                      1.0.20.1660
Dr.Web                 Trojan.Crossrider.31                  9.0.1.05190
Emsisoft Anti-Malware  Adware.Agent.NTQ                      9.0.0.4570
F-Prot                 W32/A-97cb2859                        v6.4.7.1.166
F-Secure               Adware.Agent.NTQ                      11.2014-28-11_6
G Data                 Adware.Agent.NTQ                      14.11.24
Kaspersky              not-a-virus:WebToolbar.Win32.Cossder  15.0.0.543
MicroWorld eScan       Adware.Agent.NTQ                      15.0.0.996
NANO AntiVirus         Riskware.Win32.Agent.cqzruf           0.28.6.63726
nProtect               Adware.Agent.NTQ                      14.11.27.01

File size:
1.5 MB (1,536,264 bytes)

File type:
Executable application (Win64 EXE)

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24576:30gP1iowlvmZHd7vqoxGnvtiTSONQC7nyy0ZTl/o49gRDEks6AQCBdxlgY:9iowpmZHdb2EuTW4Cs6Afx

Entry point:
B2, A5, 6F, FF, FC, FF, FF, FF, FB, FF, FF, FF, 00, 00, FF, FF, 47, FF, FF, FF, FF, FF, FF, FF, BF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, 0F, FF, FF, FF, F1, E0, 45, F1, FF, 4B, F6, 32, DE, 47, FE, B3, 32, DE, AB, 97, 96, 8C, DF, 8F, 8D, 90, 98, 8D, 9E, 92, DF, 9C, 9E, 91, 91, 90, 8B, DF, 9D, 9A, DF, 8D, 8A, 91, DF, 96, 91, DF, BB, B0, AC, DF, 92, 90, 9B, 9A, D1, F2, F2, F5, DB, FF, FF, FF, FF, FF, FF, FF...
 
Entropy:
7.9252  (probably packed)

Remove {264f4c82-d501-6b0b-ef49-75eab333d057}-u.exe - Powered by Reason Core Security