home

CrossReader

Publisher Information

CrossReader is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. It is part of the Yontoo/Sambreel group and distributes web browser add-ons, typically potentially unwanted and adware in nature, that are designed to modify a user's typical search beahvior as well as display context and popup advertising.
Authority:
VeriSign, Inc.

Valid from:
5/12/2013 8:00:00 PM

Valid to:
4/3/2014 7:59:59 PM

Subject:
CN=CrossReader, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CrossReader, L=Jerusalem, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44b7fce292b0132cdbb928bbece361d7

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.CrossReader.M, PUP.CrossReader.z, PUP.CrossReader.G, PUP.CrossReader.Z, PUP.Yontoo.CrossReader.Installer (M), PUP.Yontoo.CrossRea.Installer (M), PUP.Yontoo (M)
100.00%

Malwarebytes
PUP.Optional.CrossRider
46.15%

Dr.Web
infected with Trojan.Crossrider.10, infected with Trojan.Crossrider.2
38.46%

Bkav FE
HW32.CDB, HW32.Packed
30.77%

Agnitum Outpost
Riskware.ScrambleWrapper
30.77%

ESET NOD32
Win32/Packed.ScrambleWrapper, Win32/Packed.ScrambleWrapper (variant)
30.77%

Trend Micro House Call
TROJ_GEN.F47V1031, TROJ_GEN.F47V1110, Suspici.D1F5E19F
23.08%

NANO AntiVirus
Trojan.Win32.Crossrider.dbxnmn, Trojan.Win32.Crossrider.dgyitw, Trojan.Nsis.Downloader.dgzezj
23.08%

ESET NOD32
Win32/Packed.ScrambleWrapper.D potentially unwanted application
15.38%

Kaspersky
not-a-virus:HEUR:AdWare.NSIS.Adwapper
15.38%

1 / 68      (Adware)
crossreader5.exe (Hmvbo by Sgetidxvtca)  (670e0069d867b62e6f83fd42840e6aae)

1 / 68      (Adware)
awh923f.tmp (Kdheugjazsz by Hpkdctcjjafxl)  (5352beb4667885f9b7b87be0baec6355)

1 / 68      (Adware)
crossreader.exe (Bbhcjov by Lyhzmyrz)  (b35b78d1772e9f41a76c69416d61a144)

1 / 68      (Adware)
crossreader extension 3.0.9 for iron source 2 silent signed.exe (Kelyttrzobj by Jnhubxwmtzza)  (91bb1c0b6a1bfbf1c7ce39e3d2367493)

1 / 68      (Adware)
crossreader extension 3.0.9 for iron source 4 silent signed.exe (Axhutgicz by Esrwds)  (4221ed304c27f11c64d1d20e82317d6f)

1 / 68      (Adware)
crossreaderchromeaddon.msi  (e9b07f659aef593dd50854a2dab7533e)

9 / 68      (Adware)
crossreader extension 3.0.9 for iron source 1 silent signed.exe (Norhlh by Nvsmkilekr)  (b57f82143eb248d61c14d730e2dc82ae)

10 / 68    (Adware)
crossreader3.exe (Vdagweqduppmza by Mhjajci)  (790e72e52175f4dff102bdf819774fea)

1 / 68      (Adware)
Custom.dll (CrossReader Google Chrome Instller by CrossReader)  (1b2d5e699f7d2af907ae3fdb7f814e8d)

4 / 68      (Adware)
crossreader4.exe (Xevtl by Eolehajx)  (ffedca0646d9300a5d338387cc22de6a)

7 / 68      (Adware)
crossreader extension 3.0.9 for iron source 3 silent signed.exe (Urpkgqdfbe by Bwhsqeqkqijtfp)  (4adae89f213a0b0f89f29edb7ae7b6dc)

5 / 68      (Adware)
crossreader2.exe (Hwudrii by Qjhftq)  (4de620ee28d7700e670bef09b19e6f0f)

6 / 68      (Adware)
crossreader1.exe (Popcimsliremy by Bdmrmwgqvi)  (07da648ce967dcbdd962fcc72a4467f1)

* Note, the details and description above are based on the code signing digital signature issued to CrossReader by VeriSign, Inc. on May 12, 2013 with the serial number '44b7fce292b0132cdbb928bbece361d7'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.