f35f3986-71ea-4c44-b09d-40719e41731a-64.exe

Ge-Force

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyperlinks, inline text and transitional ads. The application f35f3986-71ea-4c44-b09d-40719e41731a-64.exe by Sailor Project has been detected as adware by 13 anti-malware scanners. This file is typically installed with the program Ge-Force by Sailor Project, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
iWebar  (signed by Sailor Project)

Product:
Ge-Force

Description:
Ge-Force exe

Version:
1000.1000.1000.1000

MD5:
2b6cad69b1e8954a59edd886a05796ca

SHA-1:
6f2cbf20f32261ecb35f48f598a8f5e7262bb57d

SHA-256:
6d65bd168a0366e20ea0425d09487d9f4a50a1416e60139d56164800c3336b2e

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 7:38:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | Adware/CrossRider.pl | 7.11.170.48 |
| avast! | Win32:Crossrider-N [PUP] | 140813-1 |
| AVG | Skodna | 2015.0.3381 |
| Baidu Antivirus | PUA.Win64.Crossrider | 4.0.3.14815 |
| Dr.Web | Trojan.Crossrider.30990 | 9.0.1.0274 |
| ESET NOD32 | Win64/Toolbar.Crossrider.I potentially unwanted application | 8.7.0.302.0 |
| IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.7.5.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3401 |
| Malwarebytes | PUP.Optional.iWebar.A | v2014.08.15.06 |
| Panda Antivirus | Adware/Goobzo | 14.11.03.05 |
| Reason Heuristics | PUP.SailorProject.h | 14.8.15.16 |
| VIPRE Antivirus | Threat.4789396 | 32210 |

File size:
825.4 KB (845,160 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Ge-Force.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\ge-force\f35f3986-71ea-4c44-b09d-40719e41731a-64.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 8:00:00 AM

Valid to:
7/19/2015 7:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
8/14/2014 9:09:11 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Y+sTsiWugN41Is5CQAM7C9B7dZTS48repKIl40:YTZWd+X5CFM7073T98KpD40

Entry address:
0x5DBB0

Entry point:
48, 83, EC, 28, E8, FB, D7, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 28, 33, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 87, D7, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 0F, 24, FA, FF, 66, 39, 05, 08, 24, FA, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 37, 24, FA, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...

Entropy:
6.2275

Code size:
565.5 KB (579,072 bytes)

The file f35f3986-71ea-4c44-b09d-40719e41731a-64.exe has been discovered within the following program.

Ge-Force by Sailor Project
Ge-Force/iWebar is an advertising-supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/61911-ge-forces
80% remove it