Crawler, LLC - 1.6% Detection Rate *

Did you just stumble upon a file that has been digitally signed by Crawler, LLC? If that's the case, please read on.

You'll probably see Crawler, LLC when clicking to run the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Crawler, LLC appears as the verified publisher in the UAC dialog

You can view the digital signature details for Crawler, LLC with the following steps:

  1. Open up Windows Explorer and locate the Crawler, LLC file
  2. Right-click the file and select Properties
  3. Click the Digital Signatures tab
  4. Click the View Certificate button

Here's a screencap of a file that has been digitally signed by Crawler, LLC:

Screenshot of the Crawler, LLC certificate

As you can see in the screengrab above, Windows reports that "This digital signature is OK". This means that the file has been published by Crawler, LLC and that the file has not been tampered with.

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, and so on. You can also see the address for Crawler, LLC, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA and VeriSign Class 3 Code Signing 2004 CA has issued the Crawler, LLC certificates. You can also see the details of the issuer by clicking the View Certificate button shown in the screenshot above.

Crawler, LLC Files

The following are the Crawler, LLC files I've collected, thanks to the FreeFixer users.

Detection RatioFile Name
1/48PCFixTray.exe
1/47app24x7svc.exe
1/46st_rsser.exe
1/48app24x7svc.exe
7/52PCFixTray.exe
1/56CStart8Tray64.exe
1/47App24x7Svc.exe
1/47App24x7Help.exe
1/46App24x7Hook.exe
1/48App24x7Hook.exe
2/46PCFixTray.exe
1/47App24x7Hook.dll
1/47App24x7Help.exe
2/50PCFixTray.exe
1/50SafetyOptimizer.exe
1/47PCFixTray.exe
1/46App24x7Hook64.dll
3/49PCFixTray.exe
1/47OVTray.exe
2/54App24x7Help.exe
1/53Nyei7aZ9.exe.part
8/53PCFixTray.exe
16/69CrawlerSmileys.exe
0/47stflt.sys
0/47OV.exe
0/47App24x7Help.exe
0/47ctbr.dll
0/36st_rsser64.exe

Scanner and Detection Names

Here's the detection names for the Crawler, LLC files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
AVwareTrojan.Win32.Generic!BT
AviraPUA/Crawler.Gen
Baidu-InternationalAdware.Win32.Crawler.BB
BkavHW32.Laneul.zamw
ByteHeroTrojan.Win32.Heur.Gen, Trojan-Downloader.win32.Agent.gen.123, Trojan-Downloader.Win32.DlfBfkg.ln
CAT-QuickHealTrojan.Crawlertoolbar
CMCPacked.Win32.Obfuscated.10!O
ClamAVWin.Adware.PCFixSpeed
ComodoApplicUnwnt@#1g5ofbjwc5fw
DrWebProgram.Unwanted.45, Program.Unwanted.317
ESET-NOD32probably a variant of Win32/24x7Help.B, Win32/24x7Help.A, a variant of Win32/24x7Help.B, Win64/24x7Help.A, Win32/Toolbar.Crawler.A potentially unwanted
EmsisoftAndroid.Adware.Plankton.A (B), Application.Toolbar (A)
Endgamemalicious (high confidence)
FortinetRiskware/Reptile
GDataWin32.Application.Crawler.B
Invinceaheuristic
K7AntiVirusAdware ( 004c577c1 )
K7GWAdware ( 004c577c1 )
Kasperskynot-a-virus:HEUR:WebToolbar.Win32.Reptile.gen
McAfeeArtemis!1D8B4C510891
McAfee-GW-EditionArtemis!1D8B4C510891
MicrosoftPUA:Win32/CrawlerToolbar
SophosPC Power Speed
TrendMicro-HouseCallTROJ_GEN.F47V0411, Suspicious_GEN.F47V0814, TROJ_GEN.R049H07B519
VBA32BScope.Trojan-Dropper.Injector
VIPRETrojan.Win32.Generic!BT
ZoneAlarmnot-a-virus:HEUR:WebToolbar.Win32.Reptile.gen

* How the Detection Percentage is Calculated

The detection percentage is based on the fact that I have gathered 3401 scan results for the Crawler, LLC files. 56 of these scan results came up with some sort of detection. You can view the full details of the scan results by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply