PUA:Win32/CrossRider
First posted on 07 July 2019.
Source: Microsoft
Aliases:
PUA:Win32/CrossRider is also known as not-a-virus:WebToolbar.Win32.CrossRider.amqa, PUP-FTK, a variant of Win32/Toolbar.CrossRider.CD potentially unwante, AppRider, PUA_CrossRider, PE:Malware.Adload!6.1D9D, Gen:Application.Parj.1, Adware.Crossid.
Explanation:
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
download.newcloudrack.com
www.jiggy.nl
www30.zippyshare.com
We have seen this application use the following file names:
EmailNotifierSetup.exe
MapsSetup.exe
TVSetup.exe
PublicTransportSetup.exe
MusicSetup.exe
SocialNetworksSetup.exe
CustomizableSetup.exe
EmailNotifierSetup (1).exe
It can be digitally signed by the following vendors:
Digit Network (Extreme White Limited) Kimahri Software inc. Xacti City Center Games (Extreme White Limited) Oral Teams (Extreme White Limited)
We have seen this application using product names such as:
SavePass 1.1 iWebar Sense Ge-Force
This application communicates with domains such as:
err.rgbdomsrv.com
logs.rgbdomsrv.com
update.rgbdomsrv.com
errors.keybufferbox.com
stats.ourinputinfonet.com
For example:
err.rgbdomsrv.com/utility.gif?
logs.rgbdomsrv.com/data.gif?
stats.ourinputinfonet.com/stats.gif?
Payload
Installs other programs
We have seen this application install other software on your PC. Some of these applications might be bundled during the installation process and not intended to be installed. We have seen it installing programs such as:
VLC media player 360 Total Security Ares BitTorrent DriverDoc Freemake Video Downloader MediaGet Movie To GIF 1.2.4.0 Popcorn-Time
This description was published using automated analysis.
Last update 07 July 2019