Bohr-ium Group - 25% Detection Rate *
Did you just find a download or a file on your computer that is digitally signed by Bohr-ium Group? Some of the security products refers to the detected files as Crossrider (fs) and Generic.E0F. The detection rate for the Bohr-ium Group files collected here is 25%. Please read on for more details.
You will probably see Bohr-ium Group when double-clicking to run the file. The publisher name is then displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:
You can view the digital signature details for Bohr-ium Group with the following steps:
- Open Windows Explorer and locate the Bohr-ium Group file
- Right-click the file and select Properties
- Click on the Digital Signatures tab
- Click the View Certificate button
Here is a screenshot of a file that has been signed by Bohr-ium Group:
As you can see in the screenshot above, Windows states that "This digital signature is OK". This implies that the file has been published by Bohr-ium Group and that the file has not been tampered with.
If you click the View Certificate button shown in the screenshot above, you can view all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also view the address for Bohr-ium Group, such as the street name, city and country.
COMODO Code Signing CA 2 has issued the Bohr-ium Group certificates. You can also see the details of the issuer by clicking the View Certificate button shown in the screengrab above.
Bohr-ium Group Files
These are the Bohr-ium Group files I've collected, thanks to the FreeFixer users.
Scanner and Detection Names
Here's the detection names for the Bohr-ium Group files. I have grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.
| Scanner | Detection Names |
|---|---|
| AVG | Generic.E0F |
| AVware | Crossrider (fs) |
| Ad-Aware | Gen:Application.Heur.Eu1@mKLH8MpO, Gen:Variant.Adware.Plush.1, Gen:Application.Heur.wu1@maX8OlpO, Gen:Application.Heur.Zv1@m4hmRFbO |
| Agnitum | PUA.Toolbar.CrossRider! |
| AhnLab-V3 | Win-PUP/CrossRider, PUP/Win32.BHO, PUP/Win32.CrossRider |
| Antiy-AVL | GrayWare[AdWare:not-a-virus]/NSIS.Adwapper, Trojan/NSIS.GoogUpdate |
| Avast | Win32:Crossrider-AG [PUP], Win32:Crossrider-AK [PUP], Win32:Crossrider-AI [PUP], Win32:Crossrider-AP [PUP] |
| Avira | ADWARE/CrossRider.Gen2 |
| Baidu-International | PUA.Win32.CrossRider.bAV, PUA.Win32.CrossRider.BAQ, PUA.Win64.Crossrider.bJ, Adware.Win32.CrossAd.AG |
| BitDefender | Gen:Application.Heur.Eu1@mKLH8MpO, Gen:Variant.Adware.Plush.1, Gen:Application.Heur.wu1@maX8OlpO, Gen:Application.Heur.Zv1@m4hmRFbO |
| CAT-QuickHeal | PUA.BrightCircle.OD6, Trojan.GoogUpdate.r7, PUA.GoogleUpdate.A5 |
| ClamAV | Win.Adware.Adwapper, Win.Adware.Plush-44 |
| Comodo | ApplicUnwnt |
| Cyren | W32/S-9ad4719b!Eldorado, W32/A-6583813c!Eldorado |
| DrWeb | Trojan.Crossrider.31134, Trojan.Crossrider.32308, Trojan.Crossrider.32630, Trojan.Crossrider.31132, Trojan.Crossrider.30960 |
| ESET-NOD32 | a variant of Win32/Toolbar.CrossRider.AV potentially unwanted, a variant of Win64/Toolbar.Crossrider.F, a variant of Win64/Toolbar.Crossrider.I, a variant of Win32/Toolbar.CrossRider.AF, a variant of Win32/Toolbar.CrossRider.AJ, a variant of Win32/Toolbar.CrossRider.AQ, a variant of Win64/Toolbar.Crossrider.J, a variant of Win32/Toolbar.CrossRider.AS, a variant of Win32/Toolbar.CrossRider.AG potentially unwanted |
| Emsisoft | Gen:Variant.Adware.Plush.1 (B) |
| F-Prot | W32/S-9ad4719b!Eldorado, W32/A-dc12a8d9!Eldorado, W32/A-6583813c!Eldorado |
| F-Secure | Gen:Application.Heur.Eu1@mKLH8MpO, Gen:Variant.Adware.Plush.1, Gen:Application.Heur.wu1@maX8OlpO, Gen:Application.Heur.Zv1@m4hmRFbO |
| Fortinet | Riskware/CrossRider, Adware/CrossRider |
| GData | Gen:Application.Heur.Eu1@mKLH8MpO, Gen:Variant.Adware.Plush.1, Win64.Adware.Crossrider.Q, Gen:Application.Heur.wu1@maX8OlpO, Gen:Application.Heur.Zv1@m4hmRFbO |
| Ikarus | AdWare.Adload, PUA.CrossRider, not-a-virus:WebToolbar.CroRi, Trojan.GoogUpdate |
| Jiangmin | AdWare/NSIS.ati, Trojan/NSIS.cpb, Trojan/NSIS.fp |
| K7GW | Trojan ( 020000001 ) |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider.hbi, Trojan.Win32.GoogUpdate.xpi |
| Kingsoft | Win32.Troj.Generic.a.(kcloud) |
| Malwarebytes | PUP.Optional.BrowsersApps.A, PUP.Optional.MediaPlayer.A, PUP.Optional.BrowsersApp.A, PUP.Optional.SmartSaver.A |
| McAfee | Artemis!056E2EEEA43B, Artemis!DE2106E9F95A, Artemis!E1EF45EEDC78, Artemis!1B6B81B8B57B, Artemis!E815EA3A784C |
| McAfee-GW-Edition | BehavesLike.Win32.BadFile.th, Artemis |
| MicroWorld-eScan | Gen:Application.Heur.Eu1@mKLH8MpO, Gen:Variant.Adware.Plush.1, Gen:Application.Heur.wu1@maX8OlpO, Gen:Application.Heur.Zv1@m4hmRFbO |
| NANO-Antivirus | Trojan.Win32.Crossrider.deimll, Riskware.Win32.Crossrider.desmcu, Trojan.Win32.Crossrider.deimpp, Riskware.Win32.Crossrider.dekgmx |
| Panda | Trj/Genetic.gen |
| Qihoo-360 | Malware.QVM10.Gen, HEUR/Malware.QVM10.Gen |
| Rising | PE:Malware.Obscure!1.9C59, PE:Adware.Plush!6.23BE |
| Sophos | AppRider, Generic PUA KG, Generic PUA MG, Generic PUA NG |
| Symantec | Adware.Crossid, PUA.Gen.2 |
| Tencent | Win32.Adware.Bp-browser.Luqs, Trojan.Win32.Qudamah.Gen.7 |
| TrendMicro | TROJ_GEN.R0C1C0EKN14, TROJ_GEN.R021C0EJQ14, TROJ_GEN.R0C1C0OJH14, TROJ_GEN.R0C1C0OJI14 |
| TrendMicro-HouseCall | TROJ_GEN.R0C1C0EKN14, TROJ_GEN.R021C0EJQ14, Suspicious_GEN.F47V0916, TROJ_GEN.R0C1C0OJH14, TROJ_GEN.R0C1C0OJI14 |
| VBA32 | AdWare.Adwapper |
| VIPRE | Crossrider (fs) |
| Zillya | Trojan.GoogUpdate.Win32.1806, Trojan.GoogUpdate.Win32.1935, Trojan.GoogUpdate.Win32.1235 |
* How the Detection Percentage is Calculated
The detection percentage is based on that I have gathered 946 scan reports for the Bohr-ium Group files. 241 of these scan reports came up with some sort of detection. You can review the full details of the scan results by examining the files listed above.
Analysis Details
The analysis is based on certificates with the following serial numbers:
- 79ae90ff01ab303c263027ab2fc84409