extcr2_setup.exe

Uttjoajdwuihsr

Owsuae

The application extcr2_setup.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from i1.securemyfun.info and multiple other hosts.
Publisher: Owsuae
Product: Uttjoajdwuihsr
Description: Wfgeoujhpwk
Version: 1.0.0.0
MD5: 16cdf2ae7fa3eb8a7177bcd6f9dfdc0c
SHA-1: f1b08e8a376263de727c6c9fbd10ede46533cba8
SHA-256: f641bceaf14c2a5faf1ff2da2f64cdc9e871f5051018a897b1df0c12d7fcf898
Scanner detections: 10 / 68
Status: Potentially unwanted
Explanation: The software may change the browser's home page and search provider settings as well as display advertisements.
Analysis date: 11/5/2024 11:44:20 AM UTC

Scan engine             Detection                     Engine version
Agnitum Outpost         Riskware.ScrambleWrapper      7.1.1
Baidu Antivirus         Trojan.Win32.ScrambleWrapper  4.0.3.14110
Bkav FE                 HW32.CDB                      1.3.0.4613
Dr.Web                  Trojan.Crossrider.20          9.0.1.010
ESET NOD32              Win32/Packed.ScrambleWrapper  8.9256
K7 AntiVirus            Trojan                        13.175.10750
Malwarebytes            PUP.Optional.Bundler          v2014.01.10.02
McAfee                  Artemis!16CDF2AE7FA3          5600.7192
NANO AntiVirus          Trojan.Win32.Generic.cthmre   0.28.0.58101
Trend Micro House Call  TROJ_GEN.F47V0105             7.2.10

File size: 5 MB (5,214,322 bytes)
Copyright: Wxcpnaboqbb
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\addons\extcr2_setup.exe

File PE Metadata

Compilation timestamp: 2/19/2012 4:01:49 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.22
CTPH (ssdeep): 98304:E6kOqfC96qLmzIk+jYPvnRlFw88WqlWBM2BD67pMjbs0K4q9zjKtAQZqnsx03rz9:HkzKEWmzW8nS+ns4qNWtjpWrzdjr
Entry address: 0x4327
Entry point: 55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Code size: 34.5 KB (35,328 bytes)

The file extcr2_setup.exe has been seen being distributed by the following 2 URLs.
