7188.exe

York New Labs (Extreme White Limited)

The application 7188.exe by York New Labs (Extreme White Limited) has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application. The file is typically installed with Crossbrowse by CLARALABSOFTWARE, which is itself a potentially unwanted program. It has been seen downloaded from download.ewebdomrec.com. While running, it connects to the Internet address hwcdn.net on port 80 over HTTP.
Publisher:
York New Labs (Extreme White Limited)  (signed and verified)

Version:
106.0.0.0

MD5:
6fc0dde5f535e6cf6e707c80a6dc3af1

SHA-1:
da26d09bf6f78b033044ad1ba3f54f91e5da807d

SHA-256:
94026a85df65f6b5ec464fd7f8b787e85a8cb209dd452e90669676e251407a3b

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/5/2024 9:46:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6 |
| AVG | Win32/DH{gRJlfRMDICIlV04} | 2016.0.3057 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1575 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CT potentially unwanted (variant) | 9.11879 |
| K7 AntiVirus | Unwanted-Program | 13.205.16443 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.1782 |
| Malwarebytes | PUP.Optional.Crossbrowse.C | v2015.07.05.01 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
1.9 MB (1,976,400 bytes)

Product version:
106.0.0.0

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 6:00:00 AM

Valid to:
4/15/2016 5:59:59 AM

Subject:
CN=York New Labs (Extreme White Limited), O=York New Labs (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00927773AE2A990E6BEB7E5455470BEF66

File PE Metadata
Compilation timestamp:
7/2/2015 3:17:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:b6aeb25GucMeB9nVwgmUaq7ATspSXrSTvMxS2TiY5lECx8FTM:meQLZnVdmVrz

Entry address:
0x12CA3E

Entry point:
E8, 48, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, CE, 5C, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 0E, 5C, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, CE, 5C, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01...

Code size:
1.4 MB (1,416,192 bytes)

The file 7188.exe has been discovered within the following program.

Crossbrowse  by CLARALABSOFTWARE
87% remove it

The file 7188.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.65.10:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-184-73-216-4.compute-1.amazonaws.com  (184.73.216.4:80)

TCP (HTTP):
Connects to ec2-54-225-240-148.compute-1.amazonaws.com  (54.225.240.148:80)

TCP (HTTP):
Connects to ec2-50-16-227-194.compute-1.amazonaws.com  (50.16.227.194:80)
