» utils.exe
Overview
Analysis
File Details
Programs (1)

utils.exe

The application utils.exe has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. This file is typically installed with the program Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

utils.exe

Version:

1.34.7.29

MD5:

26827b62f4e7197d95eb1705c68cc7c2

SHA-1:

fbe557b30802252a4d263f25919430de131b7418

SHA-256:

7674d98b47c710302382272d22cad4500b33ba40de4c519d20ed34c4dad89008

Scanner detections:

16 / 68

Status:

Adware

Explanation:

This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/25/2024 10:06:59 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

AdWare.NSIS.Indirect

2.1.4+

Agnitum Outpost

Riskware.VMDetector

7.1.1

AhnLab V3 Security

PUP/Win32.MulDrop

2014.10.31

AVG

Could be an adware MultiBundle

2014.0.4189

Baidu Antivirus

PUA.Win32.VMDetector

4.0.3.141031

Dr.Web

infected with Trojan.Crossrider.28030

9.0.1.05190

ESET NOD32

Win32/Packed.VMDetector

8.10648

G Data

NSIS.Adware.Crossrider

14.10.24

IKARUS anti.virus

AdWare.CrossRider

t3scan.1.8.3.0

Malwarebytes

PUP.Optional.CrossRider.A

v2014.10.31.04

McAfee

Artemis!85ED7044492D

5600.6961

NANO AntiVirus

Trojan.Win32.Crossrider.ddycmh

0.28.6.62995

Reason Heuristics

PUP.Crossrider.F

14.10.30.16

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141029

Trend Micro House Call

Suspici.DEEC039A

7.2.304

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

File size:

2.3 MB (2,382,897 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\Program Files\object browser\utils.exe

File PE Metadata

Compilation timestamp:

12/4/2012 4:55:02 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

49152:/EsykiNVfmXBBVdfC1kfhiOHAo3rUzrqaEdYC39X4S:sHkMfmRBppi0bQAdYCNX4S

Entry address:

0x4323

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.9868 (probably packed)

Code size:

34.5 KB (35,328 bytes)

The file utils.exe has been discovered within the following program.

Object Browser by Object Browser

Object Browser is an adware style application that runs in the web browser as a toolbar and web extension.

66% remove it

Remove utils.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.