crossbrowser.exe

CrossBrowser

CLARALABSOFTWARE

The application crossbrowser.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program CrossBrowser by CLARALABSOFTWARE which is a potentially unwanted software program. While running, it connects to the Internet address mess6.wizzlabs.com on port 80 using the HTTP protocol.
Publisher:
The CrossBrowser Authors  (signed by CLARALABSOFTWARE)

Product:
CrossBrowser

Version:
36.0.1985.138

MD5:
e67d43e9676a7770d20d8492ba827d59

SHA-1:
4fbb5466a28a101b3d1b548595f0c0da570b661a

SHA-256:
a10193b2c3967a69dcb94763099ea7b50940667d607cb2896818e606c1df4455

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/11/2017 6:17:28 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CLARALABSOFTWARE
15.2.12.7

File size:
631.9 KB (647,080 bytes)

Product version:
36.0.1985.138

Copyright:
Copyright 2014 The CrossBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\crossbrowser\application\crossbrowser.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 4:11:04 PM

Valid to:
12/17/2015 4:11:04 PM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0709ADBE1F3C

File PE Metadata
Compilation timestamp:
1/13/2015 12:51:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:/x9w7cHQqtRBNrtjzx37mlprIrRzr2v6HH5dblgfYuOO67MYZOE:/xeavmrK2vqZD5OyJ

Entry address:
0x3DA5F

Entry point:
E8, 71, A8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, FA, 1D, 00, 00, 6A, 16, 5E, 89, 30, E8, 9A, EC, FF, FF, 8B...
 
[+]

Code size:
350.5 KB (358,912 bytes)

The file crossbrowser.exe has been discovered within the following programs.

CrossBrowser  by CLARALABSOFTWARE
About 60% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-51.ip.secureserver.net  (184.168.221.51:80)

TCP (HTTP):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:80)

TCP (HTTP SSL):
Connects to 177.43.170.123.static.host.gvt.net.br  (177.43.170.123:443)

TCP (HTTP SSL):
Connects to ec2-54-197-254-9.compute-1.amazonaws.com  (54.197.254.9:443)

TCP (HTTP SSL):
Connects to www.driverscloud.com  (193.70.122.38:443)

TCP (HTTP SSL):
Connects to 187.115.146.30.static.host.gvt.net.br  (187.115.146.30:443)

TCP (HTTP SSL):
Connects to 177.43.170.103.static.host.gvt.net.br  (177.43.170.103:443)

TCP (HTTP SSL):
Connects to server-54-230-206-78.atl50.r.cloudfront.net  (54.230.206.78:443)

TCP (HTTP SSL):
Connects to ec2-54-243-155-116.compute-1.amazonaws.com  (54.243.155.116:443)

TCP (HTTP):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:80)

TCP (HTTP SSL):
Connects to ec2-23-21-57-51.compute-1.amazonaws.com  (23.21.57.51:443)

TCP (HTTP SSL):
Connects to 187.115.146.25.static.host.gvt.net.br  (187.115.146.25:443)

TCP (HTTP SSL):
Connects to server-54-192-55-159.jfk6.r.cloudfront.net  (54.192.55.159:443)

TCP (HTTP SSL):
Connects to a201-016-134-145.deploy.akamaitechnologies.com  (201.16.134.145:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to mess5.wizzlabs.com  (176.31.106.195:80)

TCP (HTTP SSL):
Connects to a201-048-038-195.deploy.akamaitechnologies.com  (201.48.38.195:443)

TCP (HTTP SSL):
Connects to a201-048-038-187.deploy.akamaitechnologies.com  (201.48.38.187:443)

TCP (HTTP SSL):
Connects to a104-121-29-4.deploy.static.akamaitechnologies.com  (104.121.29.4:443)

TCP (HTTP):
Connects to mess7.wizzlabs.com  (188.165.210.24:80)

Remove crossbrowser.exe - Powered by Reason Core Security