home

crossbrowse.exe

Crossbrowse

The application crossbrowse.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. The file has been seen being downloaded from dla.uloz.to. While running, it connects to the Internet address server-54-192-59-185.gru1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Crossbrowse

Product:
Crossbrowse

Version:
39.4.2171.95

MD5:
ca21045a4b7a53fb95e6c9f0a7b31614

SHA-1:
aafaf58d076eb0f684b68161015f5b7be90abcae

SHA-256:
8ef2b465ea79b3e2a8e632b50b6518672328ae0d24680680cb91feb9200b869b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 8:24:29 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Crossbrowse.Meta
15.6.16.0

File size:
622.5 KB (637,440 bytes)

Product version:
39.4.2171.95

Copyright:
Copyright 2015 Crossbrowse. All rights reserved.

Original file name:
crossbrowse.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe

File PE Metadata
Compilation timestamp:
3/5/2015 3:01:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:khwR5wEiLccCCW7ptPOyBRQGqJT6zqvjhxPWVQKKkLzoxYLuEr7fZJ:khc6JXGqN6O1JQQyCEXZ

Entry address:
0x3CE04

Entry point:
E8, 5B, B2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 89, 1C, 00, 00, 6A, 16, 5E, 89, 30, E8, CA, F0, FF, FF, 8B, C6, 5F, 5E, 5B, 8B...
 
[+]

Entropy:
6.2477

Code size:
346.5 KB (354,816 bytes)

The file crossbrowse.exe has been discovered within the following programs.

Crossbrowse  by CLARALABSOFTWARE
87% remove it
 
Powered by Should I Remove It?

The file crossbrowse.exe has been seen being distributed by the following URL.

http://dla.uloz.to/Ps;Hs;fid=73484191;cid=986011618;rid=2022872721;up=0;uip=185.43.112.243;tm=1444277015;ut=f;aff=uloz.to;did=uloz-to;He;ch=46a17cdc8933ad166236ba76f04bad0b;Pe/.../crossbrowse-exe?bD&c=986011618&De

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-vie1.facebook.com  (31.13.84.36:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-vie1.facebook.com  (31.13.84.8:443)

TCP (HTTP SSL):
Connects to ec2-54-148-6-21.us-west-2.compute.amazonaws.com  (54.148.6.21:443)

TCP (HTTP SSL):
Connects to a23-219-64-166.deploy.static.akamaitechnologies.com  (23.219.64.166:443)

TCP (HTTP SSL):
Connects to ec2-50-19-232-63.compute-1.amazonaws.com  (50.19.232.63:443)

TCP (HTTP SSL):
Connects to ec2-23-21-57-51.compute-1.amazonaws.com  (23.21.57.51:443)

TCP (HTTP SSL):
Connects to ec2-184-72-233-150.compute-1.amazonaws.com  (184.72.233.150:443)

TCP (HTTP SSL):
Connects to cache.google.com  (91.245.214.176:443)

TCP (HTTP):
Connects to a23-219-203-247.deploy.static.akamaitechnologies.com  (23.219.203.247:80)

TCP (HTTP):
Connects to vip080.ssl.hwcdn.net  (205.185.208.80:80)

TCP (HTTP SSL):
Connects to ec2-52-201-129-224.compute-1.amazonaws.com  (52.201.129.224:443)

TCP (HTTP SSL):
Connects to dsde227.fornex.org  (212.224.113.30:443)

TCP (HTTP SSL):
Connects to c8a06899.virtua.com.br  (200.160.104.153:443)

TCP (HTTP SSL):
Connects to c8a0688b.virtua.com.br  (200.160.104.139:443)

TCP (HTTP SSL):
Connects to c8a06888.virtua.com.br  (200.160.104.136:443)

TCP (HTTP SSL):
Connects to a23-219-73-192.deploy.static.akamaitechnologies.com  (23.219.73.192:443)

TCP (HTTP SSL):
Connects to a23-219-193-151.deploy.static.akamaitechnologies.com  (23.219.193.151:443)

TCP (HTTP):
Connects to a23-217-59-58.deploy.static.akamaitechnologies.com  (23.217.59.58:80)

TCP (HTTP SSL):
Connects to server-54-192-36-56.jfk1.r.cloudfront.net  (54.192.36.56:443)

TCP (HTTP SSL):
Connects to origin.blu180.mail.live.com  (65.55.118.92:443)

Remove crossbrowse.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.