utils.exe

The application utils.exe has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Version:
1.35.9.29

MD5:
fbbda8d97c163e37b4844e5e19f58189

SHA-1:
19895784047d771033435289f63e5b3d700666d9

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/18/2024 11:23:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | AdWare.NSIS.Indirect | 2.1.4+ |
| Agnitum Outpost | Riskware.VMDetector | 7.1.1 |
| AVG | MultiBundle | 2015.0.3279 |
| Baidu Antivirus | PUA.Win32.VMDetector | 4.0.3.141126 |
| Bkav FE | HW32.Packed | 1.3.0.6185 |
| Dr.Web | Trojan.Crossrider.36665 | 9.0.1.0330 |
| ESET NOD32 | Win32/Packed.VMDetector | 8.10639 |
| G Data | NSIS.Adware.Crossrider | 14.11.24 |
| Malwarebytes | | v2014.11.26.11 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dhaodd | 0.28.6.62995 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.F | 14.11.26.11 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
2.6 MB (2,676,760 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Program Files\radio canyon\utils.exe

File PE Metadata
Compilation timestamp:
12/4/2012 5:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:e0j/4uqWOssP4ZtAs/wqTelU+v50FivKPCM8LzxN4ilwKLDVAH5RB+drqLrdSA2P:NrvqlCtAs/w6elv0eN3RhAHp2AQL

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9908  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file utils.exe has been discovered within the following program.

Radio Canyon by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third-party installers and download managers.
88% remove it
 
Powered by Should I Remove It?
