crossbrowser.exe

CrossBrowser

CLARALABSOFTWARE

The application crossbrowser.exe by CLARALABSOFTWARE has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program CrossBrowser by CLARALABSOFTWARE which is a potentially unwanted software program. While running, it connects to the Internet address 23.126.39.189.cache.google.com on port 443.
Publisher:
The CrossBrowser Authors  (signed by CLARALABSOFTWARE)

Product:
CrossBrowser

Version:
42.0.2311.93

MD5:
0d716733c22823c8ba12a21514253701

SHA-1:
530f50e58b6f4432224c51d52eda4012f012890c

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:50:36 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Iminent.50
9.0.1.0240

Malwarebytes
PUP.Optional.Clara.A
v2015.08.28.04

Reason Heuristics
PUP.CLARALABSOFTWARE (M)
15.8.28.16

File size:
579.9 KB (593,832 bytes)

Product version:
42.0.2311.93

Copyright:
Copyright 2014 The CrossBrowser Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application\crossbrowser.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 12:11:04 PM

Valid to:
12/17/2015 12:11:04 PM

Subject:
CN=CLARALABSOFTWARE, O=CLARALABSOFTWARE, L=Paris, C=FR

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B0709ADBE1F3C

File PE Metadata
Compilation timestamp:
8/7/2015 1:44:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:a5/1/5h3mFn4fm9HoG3YNgkkdcYfuTaxJ2xTsa/9wRK1tUPHPPpNfg0:aB1JTa0gPH5R

Entry address:
0x3F6A0

Entry point:
E8, 10, 98, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, F0, 13, 00, 00, 6A, 16, 5E, 89, 30, E8, 41, D1, FF, FF, 8B, C6, 5F, 5E, 5B, 8B, E5, 5D, C3, 6A, 24, 68, FF, 00, 00, 00, 57, E8...
 
[+]

Code size:
355 KB (363,520 bytes)

The file crossbrowser.exe has been discovered within the following program.

CrossBrowser  by CLARALABSOFTWARE
About 60% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to cache.google.com  (190.104.250.181:443)

TCP (HTTP SSL):
Connects to ec2-52-206-182-223.compute-1.amazonaws.com  (52.206.182.223:443)

TCP (HTTP SSL):
Connects to ec2-23-21-57-51.compute-1.amazonaws.com  (23.21.57.51:443)

TCP (HTTP):
Connects to ec2-50-19-220-99.compute-1.amazonaws.com  (50.19.220.99:80)

TCP (HTTP SSL):
Connects to 80.83.2ea9.ip4.static.sl-reverse.com  (169.46.131.128:443)

TCP (HTTP SSL):
Connects to ec2-52-21-158-163.compute-1.amazonaws.com  (52.21.158.163:443)

TCP (HTTP):
Connects to ec2-52-207-48-5.compute-1.amazonaws.com  (52.207.48.5:80)

TCP (HTTP SSL):
Connects to ec2-184-72-233-150.compute-1.amazonaws.com  (184.72.233.150:443)

TCP (HTTP SSL):
Connects to server-54-192-55-33.jfk6.r.cloudfront.net  (54.192.55.33:443)

TCP (HTTP SSL):
Connects to ec2-52-206-177-194.compute-1.amazonaws.com  (52.206.177.194:443)

TCP (HTTP SSL):
Connects to ec2-52-20-175-169.compute-1.amazonaws.com  (52.20.175.169:443)

TCP (HTTP SSL):
Connects to a23-75-65-168.deploy.static.akamaitechnologies.com  (23.75.65.168:443)

TCP (HTTP SSL):
Connects to a190-61-17-9.deploy.akamaitechnologies.com  (190.61.17.9:443)

TCP (HTTP SSL):
Connects to a190-61-17-10.deploy.akamaitechnologies.com  (190.61.17.10:443)

TCP (HTTP SSL):
Connects to server-54-192-55-89.jfk6.r.cloudfront.net  (54.192.55.89:443)

TCP (HTTP SSL):
Connects to server-54-192-36-153.jfk1.r.cloudfront.net  (54.192.36.153:443)

TCP (HTTP SSL):
Connects to static121.216.110.200.cps.com.ar  (200.110.216.121:443)

TCP (HTTP SSL):
Connects to 8d.26.be.static.xlhost.com  (209.190.38.141:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-eze1.fbcdn.net  (31.13.94.24:443)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-eze1.facebook.com  (31.13.94.36:443)

Remove crossbrowser.exe - Powered by Reason Core Security