CrossriderApp0010595.exe

Log-Tech Communications LTD

This is the Crossrider web browser extension installer, which contains the files for installing a plugin for IE, Chrome and Firefox. It was built by developer (#10595) Rss Reader at http://crossrider.com/install/10595. While installing the extensions, Crossrider may offer changes to your Internet browser settings. The application CrossriderApp0010595.exe, “Rss Reader Installer” by Log-Tech Communications, has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer and is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Rss Reader  (signed by Log-Tech Communications LTD)

Product:
Rss Reader

Description:
Rss Reader Installer

Version:
1.34.4.10

MD5:
c0c24a2d0cc16f481e6e8fe0894a5733

SHA-1:
34f5d72b36f7f362f6034468a008d729da595952

SHA-256:
beae022d2839fd02a8648fb336c3e9580cde0999f413de51976e02eabe437d4d

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the Crossrider extension framework, which may modify the browser's home, new tab and search pages and display advertisements such as banner ads and text-links.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Log-Tech Communications LTD.

Analysis date:
12/25/2024 12:35:58 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Dr.Web | Trojan.Crossrider.10029 | 9.0.1.0129 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper | 8.9776 |
| Fortinet FortiGate | Adware/Agent | 5/9/2014 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3893 |
| Malwarebytes | | v2014.05.09.07 |
| Quick Heal | AdWare.Agent.r4 (Not a Virus) | 5.14.14.00 |
| Reason Heuristics | PUP.Installer.LogTechCommunications.U | 14.5.19.1 |
| Trend Micro House Call | TROJ_GE.F05D327E | 7.2.129 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.0 |

File size:
3.5 MB (3,673,592 bytes)

Copyright:
Copyright Rss Reader

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\crossriderapp0010595.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/31/2013 5:00:00 PM

Valid to:
8/1/2015 4:59:59 PM

Subject:
CN=Log-Tech Communications LTD, OU=my-centrals.com, O=Log-Tech Communications LTD, POBox=50412, STREET=Hamered 29, L=Tel Aviv, S=Ha-Merkaz, PostalCode=50412, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06160AFA468E63FA151CF62BC4D36BEF

File PE Metadata
Compilation timestamp:
12/4/2012 5:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:l0pDbqfW1lyhaTqR/Dsf4mQgtFRjI0bYwYGu:iiWDygTqR/YygtFhI0bpYt

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9919  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file CrossriderApp0010595.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to stats.statsmyapp.com  (176.32.99.156:80)

TCP (HTTP):
Connects to staging-app.crossrider.com  (149.126.72.103:80)

TCP (HTTP):
Connects to crossrider.com  (199.83.134.103:80)

 
http://crossrider.com/apps/10595/thank_you_page
