crossbrowse.exe

Crossbrowse

The application crossbrowse.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. While running, it connects to the Internet address cache.google.com on port 443.
Publisher:
Crossbrowse

Product:
Crossbrowse

Version:
39.6.2171.95

MD5:
6bcfcfa512a003a8043cf2f370b0b479

SHA-1:
16b8d168ab9664b6a2a77e3de56c9b8722d2227d

SHA-256:
fb3a2a8b91318ea000bd9c5b0c0307e6b12d84ac645a2e95965185431208320d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2017 2:04:17 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.Crossbrowse.C
v2015.05.18.12

Reason Heuristics
PUP.Crossbrowse.Meta
15.6.16.0

File size:
622.5 KB (637,440 bytes)

Product version:
39.6.2171.95

Copyright:
Copyright 2015 Crossbrowse. All rights reserved.

Original file name:
crossbrowse.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe

File PE Metadata
Compilation timestamp:
5/12/2015 12:44:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:ICMg9BVBgSYSf07+9PulOhTwqU7EOBIz3xt7KjKTDLn/eYUfaztJkr7iMS:ICZn6qwq+Ei4DuobjkqM

Entry address:
0x3CE04

Entry point:
E8, 5B, B2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 89, 1C, 00, 00, 6A, 16, 5E, 89, 30, E8, CA, F0, FF, FF, 8B, C6, 5F, 5E, 5B, 8B...
 
[+]

Code size:
346.5 KB (354,816 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe" -- "%1"


The file crossbrowse.exe has been discovered within the following programs.

Crossbrowse  by CLARALABSOFTWARE
87% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a96-17-182-51.deploy.akamaitechnologies.com  (96.17.182.51:443)

TCP (HTTP SSL):
Connects to a96-17-182-49.deploy.akamaitechnologies.com  (96.17.182.49:443)

TCP (HTTP SSL):
Connects to a96-17-182-42.deploy.akamaitechnologies.com  (96.17.182.42:443)

TCP (HTTP SSL):
Connects to cache.google.com  (212.19.24.236:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-lax3.fbcdn.net  (157.240.11.22:443)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-cai1.fbcdn.net  (31.13.88.8:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-cai1.facebook.com  (31.13.88.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-frt3.fbcdn.net  (31.13.92.14:443)

TCP (HTTP SSL):
Connects to ec2-35-156-203-25.eu-central-1.compute.amazonaws.com  (35.156.203.25:443)

TCP (HTTP SSL):
Connects to 62-209-30-38.wimax.bb.zain.com  (62.209.30.38:443)

TCP (HTTP SSL):
Connects to ec2-23-21-57-51.compute-1.amazonaws.com  (23.21.57.51:443)

TCP (HTTP):
Connects to ec2-107-22-241-244.compute-1.amazonaws.com  (107.22.241.244:80)

TCP (HTTP SSL):
Connects to a23-35-36-201.deploy.static.akamaitechnologies.com  (23.35.36.201:443)

TCP (HTTP):
Connects to 69-30-255-70.hostmalabar.com  (69.30.255.70:80)

TCP (HTTP SSL):
Connects to server-52-84-246-237.sfo20.r.cloudfront.net  (52.84.246.237:443)

TCP (HTTP):
Connects to server-52-84-246-197.sfo20.r.cloudfront.net  (52.84.246.197:80)

TCP (HTTP):
Connects to sangria.parklogic.com  (50.28.32.162:80)

TCP (HTTP):
Connects to rtr3.l7.search.vip.sg3.yahoo.com  (106.10.162.43:80)

Remove crossbrowse.exe - Powered by Reason Core Security