» utils.exe
Overview
Analysis
File Details
Programs (1)

utils.exe

The application utils.exe has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. This file is typically installed with the program Torntv V9.0 by InstallDaddy Services Ltd. which is a potentially unwanted software program. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

File name:

utils.exe

Version:

1.34.7.1

MD5:

1e41ba0963874428fd95c0d4c68ca863

SHA-1:

b49a405454cb131c53fe576920626e66651784d7

SHA-256:

0fa17e2316d71efe079eb80e3599809b39296e3f675294587c8887201be79a34

Scanner detections:

13 / 68

Status:

Adware

Explanation:

This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/24/2024 10:15:55 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.NSIS.Indirect

2.1.4+

AhnLab V3 Security

PUP/Win32.Solimba

2014.10.31

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.182.124

AVG

MultiBundle

2015.0.3305

Bkav FE

HW32.Packed

1.3.0.6185

ESET NOD32

Win32/Packed.VMDetector

8.10647

G Data

NSIS.Adware.Crossrider

14.10.24

Malwarebytes

PUP.Optional.CrossRider

v2014.10.30.08

Qihoo 360 Security

HEUR/Malware.QVM20.Gen

1.0.0.1015

Reason Heuristics

PUP.Crossrider.F

14.10.28.16

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141028

Trend Micro House Call

Suspici.450F5936

7.2.303

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

File size:

2.2 MB (2,278,266 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\Program Files\torntv v9.0\utils.exe

File PE Metadata

Compilation timestamp:

12/4/2012 6:55:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

49152:7WBjfZtL0f3KOewGd9PdzBQTpks0SycApaNZkVsOfw5txd2U6+:SBTDgf3KOf09l1CkSy3srOInxF6+

Entry address:

0x4323

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.9870 (probably packed)

Code size:

34.5 KB (35,328 bytes)

The file utils.exe has been discovered within the following program.

Torntv V9.0 by InstallDaddy Services Ltd.

This is a potentially unwanted program (PUP) that bundles various additional offers during setup, typically ad-supported (adware) in functionality.

88% remove it

Remove utils.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.