home

crossbrowser.exe

CrossBrowser

CLARALABSOFTWARE

The application crossbrowser.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program CrossBrowser by CLARALABSOFTWARE which is a potentially unwanted software program. While running, it connects to the Internet address 50.75.c0ad.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
The CrossBrowser Authors  (signed by CLARALABSOFTWARE)

Product:
CrossBrowser

Version:
36.0.1985.137

MD5:
6b14492d806bfde1e377f335f5f3003b

SHA-1:
a495518b1366badad4e389e6f7346185142b3c78

SHA-256:
1d7c956e6e7748899f6e8f63bb6eca7d47a9f7b92a6e0cfe5fd9e5a12ff407fe

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/16/2024 9:34:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CLARALABSOFTWARE.M
14.12.31.6

File size:
631.9 KB (647,080 bytes)

Product version:
36.0.1985.137

Copyright:
Copyright 2014 The CrossBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\crossbrowser\application\crossbrowser.exe

Digital Signature
Signed by:
CLARALABSOFTWARE

Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 3:11:04 PM

Valid to:
12/17/2015 3:11:04 PM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0709ADBE1F3C

File PE Metadata
Compilation timestamp:
12/22/2014 10:28:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:xoCYkxgzs9QIuNP8FK/+8svMUOgWoczdXBzrYsY29M0oHYZOw:xoXo1JMMalp7Mw9

Entry address:
0x3DA6F

Entry point:
E8, 70, A8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, F8, 1D, 00, 00, 6A, 16, 5E, 89, 30, E8, 9A, EC, FF, FF, 8B...
 
[+]

Code size:
350.5 KB (358,912 bytes)

The file crossbrowser.exe has been discovered within the following programs.

CrossBrowser  by CLARALABSOFTWARE
About 60% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 50.75.c0ad.ip4.static.sl-reverse.com  (173.192.117.80:80)

TCP (HTTP):
Connects to 57.9d.a86c.ip4.static.sl-reverse.com  (108.168.157.87:80)

Remove crossbrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.