Submission Summary:

What's been foundSeverity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).


Technical Details:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.


File System Modifications

#Filename(s)File SizeFile Hash
1 %ProgramFiles%\CrossriderWebApps\appAPIinternalWrapper.js 35,458 bytes MD5: 0x77AC060C21826BA9719E4442B8C0E92C
SHA-1: 0xB79B8348EC2BE986D2344835C2BF7AEAC087BAD2
2 %ProgramFiles%\CrossriderWebApps\Crossrider.dll 442,880 bytes MD5: 0xE8201F797E14BBF2D97C1F7B38F7EF7D
SHA-1: 0x6385AA743B4D3B0E53857280332273C94CE9CC58
3 %ProgramFiles%\CrossriderWebApps\Crossrider.exe 478,720 bytes MD5: 0xFD6AF39F354242480F14B65143A88E06
SHA-1: 0x50F29C91B90276AF1369D3BD993AF227EC492F9D
4 %ProgramFiles%\CrossriderWebApps\Crossrider.ico 17,542 bytes MD5: 0x904111CC9C667C8122F2ED76F5640AE4
SHA-1: 0xA34245D08B281481CF7DF7FE9A7618D9430E455C
5 %ProgramFiles%\CrossriderWebApps\fb.js 16,075 bytes MD5: 0xD29EECF141FEC432FF9F492F78A75707
SHA-1: 0x91CFA9D2EE5D3C318623E4F1FB674279B108AAE7
6 %ProgramFiles%\CrossriderWebApps\jquery.js 172,567 bytes MD5: 0x691862A748544EEABA49CED3B6C9EE01
SHA-1: 0xC570378D1B0348CDDFB13D595977AA828A7A5F99
7 %ProgramFiles%\CrossriderWebApps\json.js 10,771 bytes MD5: 0xA049A3E3830F34180FD20F858FAD907C
SHA-1: 0xF65A13091B97B6F6227C5E830E8678005CDE81DE
8 %ProgramFiles%\CrossriderWebApps\Uninstall.exe 69,993 bytes MD5: 0xD01ADA1E24AC00B3EFD499F622BE42CF
SHA-1: 0x3C63080A86BE09314EA41594F6323357E75C1950
9 [file and pathname of the sample #1] 526,443 bytes MD5: 0x52DE2BB644E9928A50D44A3B8DA0456F
SHA-1: 0x028548A3F8E580618944A5B1E557E98E4699555A


Memory Modifications

Process NameProcess FilenameMain Module Size
[filename of the sample #1][file and pathname of the sample #1]208,896 bytes


Registry Modifications


Other details

Russian Federation

Remote HostPort Number



All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

Copyright © 2015 ThreatExpert. All rights reserved.