home

crossbrowse.exe

The application crossbrowse.exe has been detected as a potentially unwanted program by 32 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from dla.uloz.to.
MD5:
23860d5a4683be1981a6051bdab6352e

SHA-1:
42573930b1a7ec802f24c66d9e17d8e58ed9a644

SHA-256:
7fee0eea67d07cf05de235af1d8e3db497a8d813c45be58cb16c8291521be77b

Scanner detections:
32 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 6:09:42 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.75522
5755524

Agnitum Outpost
Trojan.Rogue
7.1.1

Avira AntiVirus
TR/Dropper.Gen7
8.3.2.2

Arcabit
Trojan.Zusy.D12702
1.0.0.568

avast!
PUP-gen [PUP]
150913-1

AVG
Crossrider
2016.0.2964

Bitdefender
Gen:Variant.Zusy.75522
1.0.20.1395

Bkav FE
W32.BeloseaC.Trojan
1.3.0.7237

Dr.Web
infected with Trojan.Crossrider1.28946
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Zusy.75522
10.0.0.5366

ESET NOD32
multiple threats
7.0.302.0

Fortinet FortiGate
Riskware/CrossRider
10/6/2015

F-Prot
W32/S-d60a457c
v6.4.7.1.166

F-Secure
Gen:Variant.Zusy.75522
11.2015-06-10_3

G Data
Gen:Variant.Zusy.75522
15.10.25

K7 AntiVirus
Trojan
13.210.17437

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.1317

Malwarebytes
PUP.Optional.CrossBrowse
v2015.10.06.12

McAfee
Program.Adware-CrossB
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.207.2059.0

MicroWorld eScan
Gen:Variant.Zusy.75522
16.0.0.837

NANO AntiVirus
Trojan.Win32.Crossrider1.drpalf
0.30.26.3725

Norman
Gen:Variant.Zusy.75522
04.08.2015 10:30:46

Panda Antivirus
VBS/Autorun.BC.worm
15.10.06.12

Qihoo 360 Security
Win32/Trojan.9d5
1.0.0.1015

Rising Antivirus
PE:Backdoor.MSIL.Bladabindi!1.9E49[F1]
23.00.65.151004

Sophos
Virus 'Troj/Bbindi-W'
5.15

Total Defense
Win32/Armax.OVKTQIB
37.1.62.1

Trend Micro House Call
TROJ_GE.6CC34876
7.2.279

Trend Micro
TROJ_GE.6CC34876
10.465.06

VIPRE Antivirus
Threat.4150696
42326

ViRobot
Backdoor.Win32.A.Bifrose.40448.L[h]
2014.3.20.0

File size:
1.8 MB (1,933,193 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\crossbrowse.exe

File PE Metadata
Compilation timestamp:
3/17/2005 11:31:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:B1dlZoGY5Pl7icZgkLr2RRJzbRYE9IEQEaAPbNqgO51Tfb:B1dl2NuJXRBfQERPbNg1TT

Entry address:
0x7481

Entry point:
55, 8B, EC, 6A, FF, 68, F0, E7, 40, 00, 68, C4, AD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 84, E0, 40, 00, 33, D2, 8A, D4, 89, 15, E0, 52, 41, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, DC, 52, 41, 00, C1, E1, 08, 03, CA, 89, 0D, D8, 52, 41, 00, C1, E8, 10, A3, D4, 52, 41, 00, 33, F6, 56, E8, F6, 23, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 16, 02, 00, 00, FF, 15, 80, E0, 40, 00, A3, E4, 69, 41, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)

The file crossbrowse.exe has been seen being distributed by the following URL.

http://dla.uloz.to/Ps;Hs;fid=72536173;cid=986011618;rid=1417877923;up=0;uip=185.43.112.243;tm=1444276713;ut=f;aff=uloz.to;did=uloz-to;He;ch=21da2fcd9a8636394822e3b1c366e8ca;Pe/.../crossbrowse-exe?bD&c=986011618&De

Remove crossbrowse.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.