9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe

Crossrider Advanced Technologies

Part of the Crossrider framework, a cross-browser extension platform used to deliver advertisements such as coupons, price comparisons, display media, affiliate links, banners, pop-ups/pop-unders and other links. The application 9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe by Crossrider Advanced Technologies has been detected as adware by 36 of 68 anti-malware scanners; the engine builds in the scan table below date from late July 2015, so the detection names reflect signatures of that period. The file persists as a Windows Task Scheduler task that is triggered at every user logon. It is typically installed with the program Radio Canyon by Bright circle investments Ltd., a potentially unwanted program, and is built on the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services and carries a Crossrider Advanced Technologies code-signing signature, it is not owned by Crossrider: the signer identifies the toolkit that built the binary, not the party that distributes it, so the signature should be read as a build-chain indicator rather than as trust in the publisher. The signing certificate expired on 9/25/2015 (see Digital Signature below).
Publisher:
Radio Canyon  (signed by Crossrider Advanced Technologies)

Product:
Radio Canyon

Description:
Radio Canyon exe

Version:
1000.1000.1000.1000

MD5:
9faeebb72d9d9c15bce2b88b01786140

SHA-1:
3d9af573ad4eeeefb59e231a96d24e1da5b656d4

SHA-256:
45d83bd255529804cdf5e2e5cb5728e0f33c15ccf04fcbbb49c914bc79cd98a9

Scanner detections:
36 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/25/2024 9:59:40 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.nz1@mCrtzybi
555

Agnitum Outpost
Trojan.GoogUpdate
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.07.08

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

Arcabit
Application.Heur.E3A0A4
1.0.0.425

avast!
Win32:Crossrider-AI [PUP]
2014.9-150729

AVG
Crossrider
2016.0.3033

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15729

Bitdefender
Gen:Application.Heur.nz1@kmTOXegi
1.0.20.1050

Bkav FE
W32.HfsAdware
1.3.0.6979

Comodo Security
ApplicUnwnt
22699

Dr.Web
Trojan.Crossrider1.26410
9.0.1.0210

ESET NOD32
Win32/Toolbar.CrossRider.AY potentially unwanted (variant)
9.11906

Fortinet FortiGate
Riskware/CrossRider
7/29/2015

F-Prot
W32/A-865d81b8
v6.4.7.1.166

F-Secure
Gen:Application.Heur.nz1@mCrtzybi
11.2015-29-07_4

G Data
Gen:Application.Heur.nz1@mCrtzybi
15.7.25

K7 AntiVirus
Unwanted-Program
13.186.14198

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.1662

Malwarebytes
v2015.07.29.01

McAfee
Artemis!9FAEEBB72D9D
5600.6689

MicroWorld eScan
Gen:Application.Heur.nz1@kmTOXegi
16.0.0.630

NANO AntiVirus
Trojan.Win32.GoogUpdate.diufxd
0.30.24.2487

nProtect
Trojan/W32.Agent.1269680
14.12.01.01

Panda Antivirus
Trj/Genetic.gen
15.07.29.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Crossrider.Gen
7.15.14.00

Reason Heuristics
Adware.Crossrider.CrossriderAdvancedTechnologies (M)
15.7.29.13

Rising Antivirus
PE:Malware.Adwapper!6.2061
23.00.65.15727

SUPERAntiSpyware
Adware.CrossRider/Variant
9724

Trend Micro House Call
TROJ_GEN.R047C0EL114
7.2.244

Trend Micro
TROJ_GEN.R0C1C0ECH15
10.465.29

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.4

VIPRE Antivirus
Crossrider
41818

Zillya! Antivirus
Trojan.GoogUpdate.Win32.4271
2.0.0.1997

File size:
1.2 MB (1,272,536 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Radio Canyon.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\radio canyon\9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/24/2012 6:00:00 AM

Valid to:
9/25/2015 5:59:59 AM

Subject:
CN=Crossrider Advanced Technologies, O=Crossrider Advanced Technologies, STREET=40 Lilienblum St, L=Tel-Aviv, S=Israel, PostalCode=65133, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B9966EA31AF5750F30968D041D15669B

File PE Metadata
Compilation timestamp:
11/2/2014 2:36:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Tq+x7PlqRxa5Oh8ljURRKOjHtVGO7TvpSdnhs/E+1PI:t7iwlAPKi7TvpSdhUE+1PI

Entry address:
0xA3F40

Entry point:
E8, C7, 03, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, 88, 50, 00, E8, 2A, 79, 00, 00, E8, FC, 55, 00, 00, 0F, B7, F0, 6A, 02, E8, 5A, 03, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 58, 8D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
820.5 KB (840,192 bytes)

Scheduled Task
Task name:
9cb2637e-8379-4107-9f2c-6af0cb032818-6

Trigger:
Logon (Runs on logon)
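The logon-triggered task above is the persistence mechanism to look for on a suspect host. The following is an added example (not code from this page, from Crossrider, or from Reason Core Security) that triages exported Task Scheduler XML offline: it keeps only tasks with an enabled LogonTrigger, extracts each Exec command, flags the GUID-style file name this sample uses (a heuristic assumed here), and hashes the launched file against the MD5/SHA-1/SHA-256 values listed on this page. The task XML and the file bytes are constructed stand-ins; the real binary is not reproduced, so its digests will only match if you feed in an actual copy.

```python
"""Offline triage of exported Task Scheduler XML for logon persistence.

Added example; not code from the page, from Crossrider, or from Reason Core
Security.  Assumes task definitions were exported as Task Scheduler XML (for
example with `schtasks /query /xml`) and that the launched binaries are
readable for hashing; both are constructed in memory below.
"""
import hashlib
import re
import xml.etree.ElementTree as ET

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Digests listed on the page for 9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe.
IOC_HASHES = {
    "md5": "9faeebb72d9d9c15bce2b88b01786140",
    "sha1": "3d9af573ad4eeeefb59e231a96d24e1da5b656d4",
    "sha256": "45d83bd255529804cdf5e2e5cb5728e0f33c15ccf04fcbbb49c914bc79cd98a9",
}

# Heuristic (assumption): this sample is named <GUID>-<n>.exe; flag that pattern.
GUID_EXE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}-\d+\.exe$", re.I)


def parse_task(xml_doc):
    """Return (logon_trigger_enabled, [exec commands]) for one task definition.

    Pass bytes for real exports (they are UTF-16 with a BOM and an encoding
    declaration); a str is fine for the inline samples used here."""
    root = ET.fromstring(xml_doc)
    logon = False
    for trig in root.findall("t:Triggers/t:LogonTrigger", TASK_NS):
        enabled = trig.find("t:Enabled", TASK_NS)
        # A LogonTrigger with <Enabled>false</Enabled> does not fire; absent means enabled.
        if enabled is None or (enabled.text or "").strip().lower() != "false":
            logon = True
    commands = []
    for cmd in root.findall("t:Actions/t:Exec/t:Command", TASK_NS):
        if cmd.text:
            commands.append(cmd.text.strip().strip('"'))
    return logon, commands


def hash_bytes(data):
    """MD5, SHA-1 and SHA-256 hex digests of a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def match_iocs(data, iocs=IOC_HASHES):
    """Set of algorithms whose digest of `data` equals the corresponding IOC digest."""
    digests = hash_bytes(data)
    return {alg for alg, digest in digests.items() if iocs.get(alg) == digest}


def triage_tasks(tasks, files, iocs=IOC_HASHES):
    """tasks: {task name: xml}; files: {command path: bytes}.

    Returns one finding per action of every task with an enabled logon trigger."""
    findings = []
    for name, xml_doc in tasks.items():
        logon, commands = parse_task(xml_doc)
        if not logon:
            continue
        for cmd in commands:
            data = files.get(cmd)
            findings.append({
                "task": name,
                "command": cmd,
                "guid_name": bool(GUID_EXE.search(cmd)),
                "hash_match": sorted(match_iocs(data, iocs)) if data is not None else [],
            })
    return findings


# Constructed samples: the task name and path from this page, plus a benign daily task.
SAMPLE_TASKS = {
    "9cb2637e-8379-4107-9f2c-6af0cb032818-6": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec>
    <Command>"C:\Program Files\radio canyon\9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe"</Command>
  </Exec></Actions>
</Task>""",
    "Backup": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-01-01T02:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>C:\Tools\backup.exe</Command></Exec></Actions>
</Task>""",
}
# Constructed stand-in for the binary: its digests will not match IOC_HASHES.
SAMPLE_FILES = {
    r"C:\Program Files\radio canyon\9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe": b"MZ\x90\x00constructed",
}

if __name__ == "__main__":
    for finding in triage_tasks(SAMPLE_TASKS, SAMPLE_FILES):
        print(finding)
```

Only the GUID-named logon task is reported; the calendar-triggered backup task is skipped, and a LogonTrigger whose Enabled element is "false" is ignored rather than counted as persistence.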


The file 9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third-party installers and download managers.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-45.ip.secureserver.net  (184.168.221.45:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.17.218:80)

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)
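The four destinations above are shared hosting (secureserver.net), CDN (hwcdn.net) and S3 website-endpoint addresses, so a connection to one of those IPs is weak evidence on its own; what makes it useful is the process that opened the connection. The following added example (not code from the page or from any vendor tool) correlates connection events against the page's destination list and separates a match from the GUID-named Radio Canyon executable from a match by an unrelated process. The input format is an assumption: one JSON object per line with Sysmon Event ID 3 (NetworkConnect) field names, and the lines are constructed for the example.

```python
"""Correlate network-connect events with the destinations listed on this page.

Added example; not part of the page or of any vendor tool.  Input format is
an assumption: JSON lines carrying Sysmon Event ID 3 field names (EventID,
Image, DestinationIp, DestinationPort).  The log lines are constructed.
"""
import json
import re

# Destinations from the page.  These are shared hosting / CDN / S3 addresses,
# so an IP match by itself is only a weak signal.
PAGE_DESTINATIONS = {
    "184.168.221.45": "ip-184-168-221-45.ip.secureserver.net",
    "69.16.175.42": "tlb.hwcdn.net",
    "52.216.17.218": "s3-website-us-east-1.amazonaws.com",
    "50.63.202.55": "ip-50-63-202-55.ip.secureserver.net",
}

# Image path from the page; matching the GUID-style file name is a heuristic (assumption).
SUSPECT_IMAGE = re.compile(r"\\radio canyon\\[0-9a-f-]{36}-\d+\.exe$", re.I)


def parse_events(text):
    """Parse JSON-lines input, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def classify(event):
    """'strong' if a suspect image hit a page destination, 'weak' if another
    process did, None if the destination is not on the page's list."""
    ip = event.get("DestinationIp")
    if ip not in PAGE_DESTINATIONS:
        return None
    return "strong" if SUSPECT_IMAGE.search(event.get("Image", "")) else "weak"


def correlate(text):
    """Bucket NetworkConnect events into strong and weak matches.

    Each entry is (image, destination ip, hostname from the page)."""
    result = {"strong": [], "weak": []}
    for ev in parse_events(text):
        if ev.get("EventID") != 3:        # only NetworkConnect events carry a destination
            continue
        verdict = classify(ev)
        if verdict:
            ip = ev["DestinationIp"]
            result[verdict].append((ev.get("Image", ""), ip, PAGE_DESTINATIONS[ip]))
    return result


# Constructed sample: two connections from the suspect binary, one from a browser
# to the same S3 endpoint (expected false positive on IP alone), and noise.
SAMPLE_LOG = r"""
{"EventID": 3, "Image": "C:\\Program Files\\radio canyon\\9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe", "DestinationIp": "184.168.221.45", "DestinationPort": 80}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "52.216.17.218", "DestinationPort": 80}
{"EventID": 3, "Image": "C:\\Program Files\\radio canyon\\9cb2637e-8379-4107-9f2c-6af0cb032818-6.exe", "DestinationIp": "69.16.175.42", "DestinationPort": 80}
{"EventID": 1, "Image": "C:\\Windows\\explorer.exe"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "13.107.4.50", "DestinationPort": 443}
"""

if __name__ == "__main__":
    buckets = correlate(SAMPLE_LOG)
    for level in ("strong", "weak"):
        for image, ip, host in buckets[level]:
            print(f"{level:6s} {image} -> {ip} ({host})")
```

The browser's connection to the S3 website endpoint lands in the weak bucket: without the process context it would be indistinguishable from the adware's own traffic, which is why the page's IP list should be paired with the image path or file hash before it is used for blocking or alerting.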
