» utility.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Downloads (1)
Network (1)

utility.exe

York New Labs (Extreme White Limited)

The application utility.exe by York New Labs (Extreme White Limited) has been detected as a potentially unwanted program by 7 anti-malware scanners. This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler named Crossbrowse triggered to execute each time a user logs in. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. The file has been seen being downloaded from dl.ourstaticdatastorage.com.

File name:

utility.exe

Publisher:

York New Labs (Extreme White Limited) (signed and verified)

Version:

106.0.0.0

MD5:

b57d60cd390792dc0650178631380918

SHA-1:

fecd679c159e80f7d00ec6b9ff1c99e118d28152

SHA-256:

aa485b5c6fe1e5618cfc8351975ef591d322762bbcde2e819cbf7528346d388b

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

5/16/2024 10:43:50 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen7

8.3.1.6

AVG

Win32/DH{gRJlfRMDICIlV04}

2016.0.3063

K7 AntiVirus

Unwanted-Program

13.205.16401

Kaspersky

HEUR:Trojan-Downloader.Win32.Generic

14.0.0.1809

Malwarebytes

PUP.Optional.Crossbrowse.C

v2015.06.30.06

Reason Heuristics

Win32.Generic.YorkNewLabsExtremeWhiteLimited.Task.Meta

15.6.30.6

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

File size:

1.9 MB (1,967,696 bytes)

Product version:

106.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\crossbrowse\crossbrowse\application\utility.exe

Digital Signature

Signed by:

York New Labs (Extreme White Limited)

Authority:

COMODO CA Limited

Valid from:

4/15/2015 2:00:00 AM

Valid to:

4/15/2016 1:59:59 AM

Subject:

CN=York New Labs (Extreme White Limited), O=York New Labs (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00927773AE2A990E6BEB7E5455470BEF66

File PE Metadata

Compilation timestamp:

6/28/2015 10:09:10 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

49152:EFy+HGjS9SDTV2o88Ju+MisBcjLGTYpS4AcFV/ZGU42fILsclzG:QCj3K8JOisGLc8

Entry address:

0x12B6DE

Entry point:

E8, 48, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, AE, 5C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, EE, 5B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, AE, 5C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01... 
[+]

Code size:

1.3 MB (1,410,048 bytes)

Scheduled Task

Task name:

Crossbrowse

Trigger:

Logon (Runs on logon)

The file utility.exe has been discovered within the following program.

Crossbrowse by CLARALABSOFTWARE

87% remove it

The file utility.exe has been seen being distributed by the following URL.

http://dl.ourstaticdatastorage.com/69/all/cp/.../setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.48.170:80)

Remove utility.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.