crossbrowse.exe

Crossbrowse

The application crossbrowse.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. The file has been seen being downloaded from dla.uloz.to. While running, it connects to the Internet address server-54-192-59-185.gru1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Crossbrowse

Product:
Crossbrowse

Version:
39.4.2171.95

MD5:
ca21045a4b7a53fb95e6c9f0a7b31614

SHA-1:
aafaf58d076eb0f684b68161015f5b7be90abcae

SHA-256:
8ef2b465ea79b3e2a8e632b50b6518672328ae0d24680680cb91feb9200b869b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/21/2017 6:42:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossbrowse.Meta

Engine version:
15.6.16.0

File size:
622.5 KB (637,440 bytes)

Product version:
39.4.2171.95

Copyright:
Copyright 2015 Crossbrowse. All rights reserved.

Original file name:
crossbrowse.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe

File PE Metadata
Compilation timestamp:
3/5/2015 3:01:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:khwR5wEiLccCCW7ptPOyBRQGqJT6zqvjhxPWVQKKkLzoxYLuEr7fZJ:khc6JXGqN6O1JQQyCEXZ

Entry address:
0x3CE04

Entry point:
E8, 5B, B2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 89, 1C, 00, 00, 6A, 16, 5E, 89, 30, E8, CA, F0, FF, FF, 8B, C6, 5F, 5E, 5B, 8B...
 

Entropy:
6.2477

Code size:
346.5 KB (354,816 bytes)

The file crossbrowse.exe has been discovered within the following programs.

Crossbrowse  by CLARALABSOFTWARE
87% remove it
 

The file crossbrowse.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

