» object browser-bg.exe
Overview
Analysis
File Details

object browser-bg.exe

Krance Development

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application object browser-bg.exe, “Object Browser exe” by Krance Development has been detected as adware by 33 anti-malware scanners. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by Krance Development)

Product:

Object Browser

Description:

Object Browser exe

Version:

1000.1000.1000.1000

MD5:

ebeff57956b057a81a72f567f66bc26c

SHA-1:

a134b2058210fc8f2a4e55c1bad0ed30ca7d2053

SHA-256:

9128671ece8c9d621cbc550e544e419ab73a2b279120754fa632bea1702110e6

Scanner detections:

33 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Krance Development.

Analysis date:

4/25/2024 11:24:19 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.Su1@kKRLR0ei

6213306

AhnLab V3 Security

PUP/Win32.CrossRider

2014.10.17

Avira AntiVirus

Adware/CrossRider.pq

7.11.173.122

avast!

Win32:Crossrider-AI [PUP]

141214-1

AVG

Generic

2015.0.3253

Baidu Antivirus

Adware.NSIS.Adwapper

4.0.3.141221

Bitdefender

Gen:Variant.Adware.Kazy.374109

1.0.20.1775

Clam AntiVirus

Win.Adware.Agent-20216

0.98/21411

Dr.Web

Trojan.Crossrider.36664

9.0.1.0355

Emsisoft Anti-Malware

Gen:Application.Heur.Su1@kKRLR0ei

9.0.0.4668

ESET NOD32

Win32/Toolbar.CrossRider.BA potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Adwapper

12/21/2014

F-Prot

W32/A-ea13b6b6

v6.4.7.1.166

F-Secure

Riskware.Gen:Application.Heur.Su1@kKRLR0ei

5.13.68

G Data

Win32.Adware.Crossrider

14.12.24

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.183.13432

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.2760

Malwarebytes

PUP.Optional.ObjectBrowser.A

v2014.12.21.11

McAfee

Artemis!04FD85CB3C62

5600.6909

MicroWorld eScan

Gen:Variant.Adware.Kazy.374109

15.0.0.1065

NANO AntiVirus

Riskware.Win32.CrossRider.dedwag

0.28.2.61861

Norman

Gen:Application.Heur.Su1@kKRLR0ei

04.12.2014 14:30:06

Panda Antivirus

Trj/Genetic.gen

14.12.21.11

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Quick Heal

AdWare.NSIS.r5 (Not a Virus)

12.14.14.00

Reason Heuristics

PUP.Crossrider.KranceDevelopment.R

14.12.21.23

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141219

Sophos

AppRider

4.98

Trend Micro House Call

TROJ_GEN.F0C2H00I414

7.2.355

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

VIPRE Antivirus

Threat.4789396

33624

Zillya! Antivirus

Adware.Adwapper.Win32.215

2.0.0.1927

File size:

709.9 KB (726,944 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Object Browser.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\object browser\object browser-bg.exe

Digital Signature

Signed by:

Krance Development

Authority:

COMODO CA Limited

Valid from:

8/27/2014 8:00:00 PM

Valid to:

8/28/2015 7:59:59 PM

Subject:

CN=Krance Development, O=Krance Development, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2F8A4746EB05936853BC17805C72D300

File PE Metadata

Compilation timestamp:

9/30/2014 3:37:31 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:gR/WyK2fBXcKj3wgSaP8+1DZ8aeBpMEtTugmTYUyk:wegFXlP9ktTuXTqk

Entry address:

0x64FAC

Entry point:

E8, 9B, CD, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, A0, 4A, 00, E8, 4E, 49, 00, 00, E8, C2, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, 2E, CD, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6C, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4605

Code size:

569 KB (582,656 bytes)

Remove object browser-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.