» utility.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (9)

utility.exe

City Center Games (Extreme White Limited)

The application utility.exe by City Center Games (Extreme White Limited) has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named Crossbrowse triggered to execute each time a user logs in. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

utility.exe

Publisher:

City Center Games (Extreme White Limited) (signed and verified)

Version:

106.0.0.0

MD5:

8d3e4693f68ec543ba2cfa70750ce24d

SHA-1:

02199c970abc4c0056d225840f0d8b2f5e513670

SHA-256:

d3ba8b7117903fd73684db59d6a9576a0421cc6b8ccff7afeb4b31a71a3f757f

Scanner detections:

11 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 5:41:19 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.1957464.2

8.3.1.6

AVG

Win32/DH{gRJlfRMDICIlAFdO}

2016.0.3096

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.15528

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.Crossrider1.31292

9.0.1.05190

ESET NOD32

Win32/Toolbar.CrossRider.CN potentially unwanted application

7.0.302.0

Kaspersky

HEUR:Trojan-Downloader.Win32.Generic

14.0.0.1975

Malwarebytes

PUP.Optional.CrossBrowse

v2015.05.28.01

Reason Heuristics

PUP.installCore.CityCenterGamesExtremeWhiteLimited

15.5.28.0

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

VIPRE Antivirus

Adware.Crossid

40738

File size:

1.9 MB (1,957,464 bytes)

Product version:

106.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\crossbrowse\crossbrowse\application\utility.exe

Digital Signature

Signed by:

City Center Games (Extreme White Limited)

Authority:

COMODO CA Limited

Valid from:

4/14/2015 9:00:00 PM

Valid to:

4/14/2016 8:59:59 PM

Subject:

CN=City Center Games (Extreme White Limited), O=City Center Games (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00808728FFBF020E8929813B59AA2EC529

File PE Metadata

Compilation timestamp:

5/26/2015 5:53:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:GpsxPSYkjHgAg8hJpiHWUiqxTapSUsf0SXuoFv8FTZ:O8PS44hJwHqq9k

Entry address:

0x129B6E

Entry point:

E8, 48, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, 8E, 5C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, CE, 5B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, 8E, 5C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01... 
[+]

Code size:

1.3 MB (1,401,856 bytes)

Scheduled Task

Task name:

Crossbrowse

Trigger:

Logon (Runs on logon)

The file utility.exe has been discovered within the following program.

Crossbrowse by CLARALABSOFTWARE

87% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to lb-182-252.above.com (103.224.182.252:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.19.12:80)

TCP (HTTP):

Connects to ec2-54-243-173-91.compute-1.amazonaws.com (54.243.173.91:80)

TCP (HTTP):

Connects to ec2-50-17-235-124.compute-1.amazonaws.com (50.17.235.124:80)

TCP (HTTP):

Connects to ec2-50-17-225-21.compute-1.amazonaws.com (50.17.225.21:80)

TCP (HTTP):

Connects to ec2-23-23-162-52.compute-1.amazonaws.com (23.23.162.52:80)

TCP (HTTP):

Connects to ec2-23-23-143-191.compute-1.amazonaws.com (23.23.143.191:80)

TCP (HTTP):

Connects to ec2-23-21-203-159.compute-1.amazonaws.com (23.21.203.159:80)

TCP (HTTP):

Connects to ec2-107-21-111-236.compute-1.amazonaws.com (107.21.111.236:80)

Remove utility.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.