CrossBeam (New Media Holdings Ltd.) – 9% Detection Rate at VirusTotal

Hello! Was looking for some downloads to play around with and found one, digitally signed by CrossBeam (New Media Holdings Ltd.). The file is named chrome-download.exe.

CrossBeam (New Media Holdings Ltd.) warning

Typically you’d see the CrossBeam (New Media Holdings Ltd.) publisher name appear when double-clicking on the chrome-download.exe file: By examining the certificate, we can see that CrossBeam (New Media Holdings Ltd.) appears to be located in Tel Avivl, Israel.

CrossBeam (New Media Holdings Ltd.) cert

The certificate is issued by GlobalSign CodeSigning CA – G2.CrossBeam GlobalSign

The issue here is that if chrome-download.exe really was a setup file for Google Chrome, it should be signed by Google Inc. and not by some unknown company. Here’s how the authentic Google Chrome looks like when you double click on it. Notice that the “Verified publisher” says “Google Inc”.
Chrome Google Inc publisher

9% of the anti-virus scanners detected the file. Some of the detection names for the chrome-download.exe file are a variant of Win32/InstallCore.ACQ.gen potentially unwanted, PUP.Optional.InstallCore and InstallCore (fs).

CrossBeam anti-virus report

When I tested the CrossBeam file it bundled StormFall and Norton 360. The checkbox for these two programs were not checked by default.

Did you also find a CrossBeam (New Media Holdings Ltd.) file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.