utils.exe

The application utils.exe has been detected as adware by 6 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer; the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program video MediaPlay-Air by Robokid Technologies, which is a potentially unwanted software program. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Version:
1.34.7.1

MD5:
f90fd130d28e50f1af60feba7b5ed46f

SHA-1:
fa75042ce70ae54cf54dc36cba5d451024436a1f

SHA-256:
4e481445ad348e2a5306dfe71b1f034b21b77e7c264696d0063570c33be23819

Scanner detections:
6 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/16/2024 9:07:20 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Solimba | 2014.07.24
Bkav FE | HW32.CDB | 1.3.0.4959
IKARUS anti.virus | PUA.PlusHD | t3scan.1.6.1.0
Malwarebytes | | v2014.07.24.02
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.F | 14.7.24.2

File size:
2.1 MB (2,213,569 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Program Files\video mediaplay-air\utils.exe

File PE Metadata
Compilation timestamp:
12/5/2012 12:25:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:U7UKRRnNxHsfzoZI5sdrxa/bk6B4qeZ8A1EwbheJf7AqW5:8RlNpioCB4qeZCYheJMqW5

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9850  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file utils.exe has been discovered within the following program.

video MediaPlay-Air  by Robokid Technologies
video MediaPlay-Air (Freeven) is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/59599-video-mediaplayer
83% remove it
 
Powered by Should I Remove It?
