crossbrowse.exe

Crossbrowse

The application crossbrowse.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘GoogleChromeAutoLaunch’. While running, it connects to the Internet address lb-182-252.above.com on port 80 using the HTTP protocol.
Publisher:
Crossbrowse

Product:
Crossbrowse

Version:
39.6.2171.95

MD5:
e0007a1dfebd72696244fffa285687ca

SHA-1:
c573f57f026252b3c963899ca6c9cd78d422f9d6

SHA-256:
47af7f94ab0cf1d851bd29b11a88d68a0f55d8a6d9ebc7141cad59939af17175

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:50:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossbrowse (M)

Engine version:
17.2.16.8

File size:
772 KB (790,528 bytes)

Product version:
39.6.2171.95

Copyright:
Copyright 2015 Crossbrowse. All rights reserved.

Original file name:
crossbrowse.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe

File PE Metadata
Compilation timestamp:
10/14/2092 11:41:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x57830

Entry point:
86, F4, 8B, C3, 68, 60, 4E, 00, 00, F8, 59, B8, 0D, D6, CC, 0B, F7, D0, 90, 8D, 87, 76, 20, C7, 02, 8D, 86, 7C, 6E, 98, FA, 8D, 04, 41, 87, D2, 86, D0, EB, 05, 00, 00, 00, F4, 00, 92, 8D, 85, B2, 30, 23, BB, 8B, C6, 8D, 55, F9, 8D, 54, AD, 88, 8B, D5, 8D, 47, 1D, B4, D5, B6, 8D, 8A, E7, 92, 90, F7, D2, FC, 8D, 42, D4, 86, F6, FC, 66, 81, 91, 00, 32, 4C, 00, 04, B5, EB, 75, 00, 00, 00, 2D, EB, E0, 83, 32, 40, D2, 50, 90, 5F, E8, 7A, B6, 00, B2, 7A, FC, 00, ED, A9, 00, E9, 4A, AF, 0E, FD, C2, F1, 96, 2C, 4A...
 
Entropy:
6.3059

Code size:
346.5 KB (354,816 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GoogleChromeAutoLaunch

Command:
"C:\Program Files\crossbrowse\crossbrowse\application\crossbrowse.exe" --no-startup-window


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb-182-252.above.com  (103.224.182.252:80)
