utils.exe

Qfvevw LTD

The application utils.exe has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
Qfvevw LTD

Description:
Syhsmplmqihfym

Version:
1.36.01.22

MD5:
94a97204a79c34ffb6a0322f84009c0a

SHA-1:
7f39f53807d4c7db396b95f37bece09ff3cde553

SHA-256:
ba45047bf4f28dadef8d27b44eec862ea68ca920064edc6bb3e885b7e9cf6d59

Scanner detections:
27 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/26/2024 8:00:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Parj.1 | 647 |
| Agnitum Outpost | Riskware.VMDetector | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.03.29 |
| avast! | NSIS:Crossrider-CY [PUP] | 2014.9-150428 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15428 |
| Bitdefender | Gen:Application.Parj.1 | 1.0.20.590 |
| Dr.Web | Trojan.Crossrider1.22119 | 9.0.1.0118 |
| Emsisoft Anti-Malware | Trojan.Generic.13020665 | 8.15.04.28.03 |
| ESET NOD32 | Win32/Packed.VMDetector.I potentially unwanted | 9.11392 |
| Fortinet FortiGate | PossibleThreat | 4/28/2015 |
| F-Secure | Trojan.Generic.13020665 | 11.2015-28-04_3 |
| G Data | Gen:Application.Parj | 15.4.25 |
| K7 AntiVirus | Trojan | 13.202.15414 |
| Kaspersky | not-a-virus:AdWare.Win32.CrossRider | 14.0.0.2122 |
| McAfee | Artemis!94A97204A79C | 5600.6781 |
| MicroWorld eScan | Gen:Application.Parj.1 | 16.0.0.354 |
| NANO AntiVirus | Trojan.Win32.Crossrider1.dpkgui | 0.30.8.659 |
| nProtect | Trojan.Generic.13020665 | 15.03.27.01 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.28.03 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Downloader.Installer | 15.4.28.11 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15426 |
| Sophos | Generic PUA HP | 4.98 |
| Trend Micro House Call | TROJ_GEN.R021C0ECM15 | 7.2.118 |
| Trend Micro | TROJ_GEN.R021C0ECM15 | 10.465.28 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38850 |
| Zillya! Antivirus | Adware.CrossRider.Win32.4105 | 2.0.0.2120 |

File size:
2.3 MB (2,400,976 bytes)

Copyright:
Copyright Rkbtwtptamn

Trademarks:
Tqgxkosq is a trademark of Ojhowee

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Program Files\cinemap-1.8cv16.03\utils.exe

File PE Metadata
Compilation timestamp:
12/4/2012 3:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:tjwj58XUQ9fSQcY7TokiVXzYPtBcPS6ztohaH5JszvpdEccCp1Vo:AAUQ9cYBYGtBc9toha5SdEccp

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
Entropy:
7.9869 (probably packed)

Code size:
34.5 KB (35,328 bytes)
