home

f92bf700-aad3-4fe6-9e0f-ccc447503806-2.exe

Ge-Force

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisments on web pages not affiliated by the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application f92bf700-aad3-4fe6-9e0f-ccc447503806-2.exe by Robokid Technologies has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
iWebar  (signed by Robokid Technologies)

Product:
Ge-Force

Description:
Ge-Force exe

Version:
1000.1000.1000.1000

MD5:
6089c28818b11e7d9e10bf80358dbcb8

SHA-1:
962ffd5fc98c587d3214cbcd33c78a631f8c4d15

SHA-256:
f0203651e790bdc651e9d430b61c443f6bc34433101b1aad336516fc88e2658b

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/18/2024 5:45:52 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.163.86

AVG
Generic
2015.0.3406

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14722

ESET NOD32
Win32/Toolbar.CrossRider.AJ potentially unwanted application
7.0.302.0

F-Prot
W32/A-eb9ef301
v6.4.7.1.166

IKARUS anti.virus
AdWare.Adload
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.GeForce.A
v2014.07.22.07

Panda Antivirus
Trj/Genetic.gen
14.07.22.07

Reason Heuristics
PUP.RobokidTechnologies.g
14.7.22.6

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.14720

Sophos
AppRider
4.98

VIPRE Antivirus
Threat.4789396
31208

File size:
389 KB (398,360 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Ge-Force.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ge-force\f92bf700-aad3-4fe6-9e0f-ccc447503806-2.exe

Digital Signature
Signed by:
Robokid Technologies

Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
7/21/2014 11:04:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:YzazWz/HI9O4egUeGv51+tr5ldBn/v2oYvXOGozopTBKOM6x8r:Yzazs/o4p25Nl/NWCopTEOI

Entry address:
0x30A11

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, D1, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B7, 62, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
299 KB (306,176 bytes)

Scheduled Task
Task name:
f92bf700-aad3-4fe6-9e0f-ccc447503806-2

Trigger:
Logon (Runs on logon)

Action:
f92bf700-aad3-4fe6-9e0f-ccc447503806-2.exe \mumkbhnt \ljjurumrz='ge-force' \rprthbsn=60276 \a


Remove f92bf700-aad3-4fe6-9e0f-ccc447503806-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.