utils.exe

The application utils.exe has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.

Version:
1.34.6.10

MD5:
19c3c8393e77df8990a602f90b64ea2d

SHA-1:
eff7147f80672c6a9d824ab814ec881307a48cc1

SHA-256:
a030ea5d3cd70f16713dacfe738d52e1c2d078b752f3a4d74cd121a7369a65cb

Scanner detections:
7 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 4:44:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.MulDrop | 2014.06.16 |
| Baidu Antivirus | PUA.Win32.VMDetector | 4.0.3.14615 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| ESET NOD32 | Win32/Packed.VMDetector.E potentially unwanted application | 7.0.302.0 |
| Malwarebytes | | v2014.06.15.11 |
| Reason Heuristics | PUP.Crossrider.F | 14.6.15.11 |
| Trend Micro House Call | Suspici.ADAE9634 | 7.2.166 |

File size:
2.1 MB (2,202,481 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\Program Files\plus-hd-9.4\utils.exe

File PE Metadata
Compilation timestamp:
12/4/2012 3:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:5aJUdFwStViSCe+BG4f+9cUr/vNzd9ztVSEPDH1934kPS5YY1u3K:E4FNViStgf+5dndr5S+33K

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com (54.231.1.124:80)

TCP (HTTP):
Connects to hwcdn.net (69.16.175.42:80)
