utils.exe

The application utils.exe has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Version:
1.34.8.12

MD5:
feea928967377f49f8b15899509bcbb5

SHA-1:
483f607539dcacac29f52755e82fe57bfbf1c405

SHA-256:
4ec60dd0a5e841dd4f821e1bbdb297b165f889b5ff64e5e1e8dea5cb3cc21a59

Scanner detections:
12 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/25/2024 8:27:07 PM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.VMDetector
7.1.1

AVG
Could be an adware MultiBundle
2014.0.4257

Baidu Antivirus
PUA.Win32.VMDetector
4.0.3.15131

Bkav FE
HW32.Packed
1.3.0.6379

Dr.Web
infected with Trojan.Crossrider.32337
9.0.1.05190

ESET NOD32
Win32/Packed.VMDetector.I potentially unwanted application
7.0.302.0

G Data
NSIS.Adware.Crossrider
15.1.25

IKARUS anti.virus
AdWare.CrossRider
t3scan.1.8.6.0

Malwarebytes
v2015.01.31.07

NANO AntiVirus
Trojan.Win32.Crossrider.derhbt
0.30.0.65070

Reason Heuristics
Adware.Crossrider
15.1.31.7

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15129

File size:
2.3 MB (2,418,436 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Program Files\cinamhdpurev9.5\utils.exe

File PE Metadata
Compilation timestamp:
12/4/2012 5:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:TAwLUo0cStU2GAQxxqPEV6siz3cbi69G/b4xiKn5jh45KPV:Aot5Vfxye6N3R69MQn5945KPV

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
Entropy:
7.9876  (probably packed)

Code size:
34.5 KB (35,328 bytes)
