639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6.exe

The application 639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6.exe, with the file description “Object Browser exe”, has been detected as adware by 30 of 68 anti-malware scanners. It persists as a scheduled task under the Windows Task Scheduler with a logon trigger, so it runs each time a user logs in. It is built on the Crossrider cross-browser extension platform; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects over plain HTTP (port 80) to tlb.hwcdn.net.
Publisher:
ObjectB

Product:
Object Browser

Description:
Object Browser exe

Version:
1000.1000.1000.1000

MD5:
d251419b8c3a765cbc1fcbbb0d1fd463

SHA-1:
f39fd56b4b320270c0537b8b483e8cbbdf1eab07

SHA-256:
45e69ed0142356cdfec1b09735db245a2ce8fde02ca4a28b09c6760eb9539be0

Scanner detections:
30 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 6:26:34 AM UTC

Scan engine           Detection                                                   Engine version
Lavasoft Ad-Aware     Gen:Application.Heur.xz0@m8nUABki                           446
Agnitum Outpost       PUA.Toolbar.CrossRider                                      7.1.1
AhnLab V3 Security    PUP/Win32.CrossRider                                        2015.10.02
Avira AntiVirus       ADWARE/CrossRider.Gen7                                      8.3.2.2
Arcabit               Application.Heur.ED77C1                                     1.0.0.568
avast!                Win32:Evo-gen [Susp]                                        2014.9-151115
AVG                   Generic_r                                                   2016.0.2924
Bitdefender           Gen:Application.Heur.xz0@m8nUABki                           1.0.20.1595
Comodo Security       Application.Win32.CrossRider.ALO                            23336
Dr.Web                Trojan.Crossrider1.51145                                    9.0.1.0319
ESET NOD32            Win32/Toolbar.CrossRider.CD potentially unwanted (variant)  9.12341
Fortinet FortiGate    Riskware/CrossRider                                         11/15/2015
F-Prot                W32/Crossrider.L.gen                                        v6.4.7.1.166
F-Secure              Gen:Application.Heur.xz0@m8nUABki                           11.2015-15-11_1
G Data                Gen:Application.Heur.xz0@m8nUABki                           15.11.25
IKARUS anti.virus     not-a-virus:WebToolbar.CrossRider                           t3scan.1.9.5.0
K7 AntiVirus          Adware                                                      13.210.17396
Kaspersky             not-a-virus:HEUR:WebToolbar.Win32.CrossRider                14.0.0.1117
Malwarebytes          PUP.Optional.ObjectBrowser                                  v2015.11.15.03
McAfee                Artemis!D251419B8C3A                                        5600.6580
MicroWorld eScan      Gen:Application.Heur.xz0@m8nUABki                           16.0.0.957
NANO AntiVirus        Trojan.Win32.Crossrider1.dxhebh                             0.30.26.3725
Qihoo 360 Security    Win32/Application.8a8                                       1.0.0.1015
Quick Heal            PUA.Adwapper.07976                                          11.15.14.00
Reason Heuristics     Adware.Crossrider.ObjectB (M)                               15.11.15.15
Rising Antivirus      PE:PUF.CrossRider!1.A157[F1]                                23.00.65.151113
Sophos                Generic PUA PD (PUA)                                        4.98
SUPERAntiSpyware      Adware.CrossRider/Variant                                   9506
Trend Micro           TROJ_GEN.R00UC0OIT15                                        10.465.15
VIPRE Antivirus       Trojan.Win32.Generic                                        44206

File size:
1.4 MB (1,440,256 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Object Browser.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\object browser\639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6.exe

File PE Metadata
Compilation timestamp:
9/23/2015 4:06:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:ttJwx87GAxiRDYvcmPzJ9H/ezwQObTGpSVoK/CocuVGT535:t3wNglvc696ObTGpSVt/CocuVGT535

Entry address:
0xB3BCD

Entry point:
E8, 14, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 0C, 52, 00, E8, 6D, 76, 00, 00, E8, 34, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, A7, 00, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9F, 8D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
923 KB (945,152 bytes)

Scheduled Task
Task name:
639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6

Trigger:
Logon (Runs on logon)


The executable has been observed making the following network connections in live environments. All three hosts are shared hosting or CDN infrastructure (a secureserver.net host, Highwinds CDN, and an S3 static-website endpoint), so a connection to one of these addresses is weak evidence on its own; the file hash and the scheduled task name below are the reliable indicators.

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.49.106:80)
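A host triage script that ties the indicators on this page together: it looks for the scheduled task by name, matches any file in the documented folder by SHA-256 rather than by file name alone, checks live TCP connections to the three listed addresses, and optionally removes the task and file. This is an added example, not a Reason Core Security tool and not part of the original listing; the indicator values come from this page, while the parameter name, output format, and folder-recursion choice are my own. It assumes an elevated Windows PowerShell 5.1 or PowerShell 7 session with the ScheduledTasks and NetTCPIP modules available (Windows 8 / Server 2012 or later).

```powershell
<#
  Triage for the Object Browser / Crossrider artifact described above.
  Added example (not the listing's own tool). Indicators are taken from the page;
  the -Remove switch, messages, and recursion into the install folder are assumptions.
  Run from an elevated PowerShell session on the host under investigation.
#>
[CmdletBinding()]
param(
    # Remove the matched task and file(s); default is report-only.
    [switch]$Remove
)

$Ioc = @{
    TaskName = '639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6'
    Path     = 'C:\Program Files\object browser\639ecff2-fbd2-4f26-8f9b-facb6b7ae4cb-6.exe'
    Sha256   = '45e69ed0142356cdfec1b09735db245a2ce8fde02ca4a28b09c6760eb9539be0'
    RemoteIp = @('50.63.202.55', '69.16.175.10', '54.231.49.106')
}

$findings = @()

# 1. Persistence: the scheduled task with a logon trigger.
$task = Get-ScheduledTask -TaskName $Ioc.TaskName -ErrorAction SilentlyContinue
if ($task) {
    $exe = ($task.Actions | ForEach-Object { $_.Execute }) -join '; '
    $findings += "Scheduled task '$($task.TaskName)' present (state: $($task.State)); runs: $exe"
}

# 2. File on disk: match by SHA-256 so a renamed or relocated copy in the same folder is still caught.
$candidates = @()
if (Test-Path -LiteralPath $Ioc.Path) { $candidates += Get-Item -LiteralPath $Ioc.Path }
$folder = Split-Path -Parent $Ioc.Path
if (Test-Path -LiteralPath $folder) {
    $candidates += Get-ChildItem -LiteralPath $folder -Filter '*.exe' -Recurse -ErrorAction SilentlyContinue
}
$hits = $candidates | Sort-Object FullName -Unique | Where-Object {
    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash -ieq $Ioc.Sha256
}
foreach ($h in $hits) { $findings += "File with listed SHA-256 at $($h.FullName) ($($h.Length) bytes)" }

# 3. Live HTTP connections to the addresses seen in sandbox runs. These are shared CDN/hosting
#    IPs, so treat a hit here as supporting evidence only, never as proof on its own.
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $Ioc.RemoteIp -contains $_.RemoteAddress -and $_.RemotePort -eq 80 }
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Connection to $($c.RemoteAddress):$($c.RemotePort) from PID $($c.OwningProcess) ($($proc.ProcessName))"
}

if (-not $findings) { Write-Output 'No Object Browser indicators found.'; return }
$findings | ForEach-Object { Write-Output "[!] $_" }

if ($Remove) {
    # Stop any process running a matched binary before deleting it, then unregister the task
    # so it is not re-launched at the next logon.
    foreach ($h in $hits) {
        Get-Process | Where-Object { $_.Path -eq $h.FullName } | Stop-Process -Force -ErrorAction SilentlyContinue
        Remove-Item -LiteralPath $h.FullName -Force
    }
    if ($task) { Unregister-ScheduledTask -TaskName $Ioc.TaskName -Confirm:$false }
    Write-Output 'Removed matching task and file(s). Browser home page and search provider settings must be reset separately.'
}
```

Run it without arguments first to see what is present, then with `-Remove` once the findings have been reviewed. The hash match is the strong signal: a file at the documented path with a different SHA-256 is a different build and should be hashed and checked against the detection table rather than deleted blindly. The remote addresses date from the 2015 analysis and may have been reassigned since, which is another reason the network check is advisory only.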
