» crossloop-2.82.exe
Overview
Analysis
File Details
Downloads (1)

crossloop-2.82.exe

CrossLoop

Innovative Systems LLC

The application crossloop-2.82.exe by Innovative Systems has been detected as adware by 54 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from ar.joydownload.com.

File name:

crossloop-2.82.exe

Publisher:

Innovative Systems LLC (signed and verified)

Product:

CrossLoop

Version:

1.0.0.0

MD5:

fef861b1a3fb10db0d74d1d53335685c

SHA-1:

a7f141deb3dfa7d188403e0e3d0341c6f09d7c8a

SHA-256:

932afab94de3174db98c1ce8f8f6953f846173f00b5a3069e5a6a4abdf96d779

Scanner detections:

54 / 68

Status:

Adware

Analysis date:

4/26/2024 11:31:51 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Runouce.B@mm

979

Agnitum Outpost

I-Worm.Chir.B

7.1.1

Avira AntiVirus

W32/Chir.B

7.11.141.48

avast!

Win32:Oncer

2014.9-140601

AVG

Win32/Chir.B@mm

2015.0.3457

Baidu Antivirus

Virus.Win32.Runouce.$a

4.0.3.1461

Bitdefender

Win32.Runouce.B@mm

1.0.20.760

Bkav FE

W32.ChirBPE

1.3.0.4959

Clam AntiVirus

WIN.Worm.Brontok

0.98/18355

Comodo Security

EmailWorm.Win32.Runonce.~v001

18044

Dr.Web

Win32.Runonce.6652

9.0.1.0152

Emsisoft Anti-Malware

Win32.Runouce.B@mm

8.14.06.01.06

ESET NOD32

Win32/Chir

8.9634

Fortinet FortiGate

W32/Chir.B@mm

6/1/2014

F-Prot

W32/Thecid.B@mm

v6.4.7.1.166

F-Secure

Win32.Runouce.B@mm

11.2014-01-06_1

G Data

Win32.Runouce.B@mm

14.6.24

K7 AntiVirus

EmailWorm

13.176.11652

Kaspersky

Email-Worm.Win32.Runouce

14.0.0.3779

Malwarebytes

Virus.Chir

v2014.06.01.06

McAfee

W32/Chir.b@MM

5600.7113

Microsoft Security Essentials

Virus:Win32/Chir.B@mm

1.10401

MicroWorld eScan

Win32.Runouce.B@mm

15.0.0.456

NANO AntiVirus

Virus.Win32.Runouce.bxafx

0.28.0.58873

Norman

Malware

11.20140601

nProtect

Win32.Runouce.B@mm

14.04.03.01

Panda Antivirus

W32/Chir.B

14.06.01.06

Qihoo 360 Security

Virus.Win32.CNHacker.C

1.0.0.1015

Quick Heal

W32.Runouce.B

6.14.12.00

Reason Heuristics

PUP.InnovativeSystems.N

14.6.12.9

Rising Antivirus

PE:Worm.ChineseHacker-2!23772

23.00.65.14530

Sophos

W32/Chir-A

4.98

Total Defense

Win32/Chir.B

37.0.10856

Trend Micro House Call

PE_Chir.B

7.2.152

Trend Micro

PE_Chir.B

10.465.01

Vba32 AntiVirus

Virus.Win32.Chur.A

3.12.26.0

VIPRE Antivirus

Win32.chir.b

28008

ViRobot

Win32.Chir.B

2011.4.7.4223

File size:

470.4 KB (481,728 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\crossloop-2.82.exe

Digital Signature

Signed by:

Innovative Systems LLC

Authority:

VeriSign, Inc.

Valid from:

5/18/2014 5:00:00 PM

Valid to:

5/19/2015 4:59:59 PM

Subject:

CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata

Compilation timestamp:

5/19/2013 4:52:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:kaC16v3AaavFhjs17FEUDTTup+Ts9PJYz5jtNcB+/TRfk:C1YwFFhm7FjDHuzJYz5jtXTBk

Entry address:

0x31B1

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00... 
[+]

Entropy:

7.8806

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file crossloop-2.82.exe has been seen being distributed by the following URL.

http://ar.joydownload.com/wi/IM8xonakx4JhmIf-rT84GA/1401568210/1/10/1/.../crossloop-2.82.exe

Remove crossloop-2.82.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.