» ge-force-bg.exe
Overview
Analysis
File Details
Programs (1)

ge-force-bg.exe

Ge-Force

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application ge-force-bg.exe by Naruto Source has been detected as adware by 31 anti-malware scanners. This file is typically installed with the program Ge-Force by Sailor Project which is a potentially unwanted software program. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

ge-force-bg.exe

Publisher:

iWebar (signed by Naruto Source)

Product:

Ge-Force

Description:

Ge-Force exe

Version:

1000.1000.1000.1000

MD5:

bfdd3af0c197e1169f1e1690037693c6

SHA-1:

00b7512ca39e6271210e56bf9095bec63919d670

Scanner detections:

31 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:

4/23/2024 8:47:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.2

833

AhnLab V3 Security

PUP/Win32.CrossRider

2014.10.14

Avira AntiVirus

Adware/CrossRider.pq

7.11.172.136

avast!

Win32:Adware-gen [Adw]

2014.9-141025

AVG

Generic

2015.0.3311

Baidu Antivirus

Adware.NSIS.Adwapper

4.0.3.141025

Bitdefender

Gen:Variant.Adware.Plush.2

1.0.20.1490

Comodo Security

ApplicUnwnt

19655

Dr.Web

Trojan.Crossrider.31451

9.0.1.0298

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.14.10.25.08

ESET NOD32

Win32/Toolbar.CrossRider.AL (variant)

8.10422

Fortinet FortiGate

Adware/Adwapper

10/25/2014

F-Secure

Gen:Variant.Adware.Plush.2

11.2014-25-10_7

G Data

Win32.Adware.Crossrider

14.10.24

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.7.8.0

K7 AntiVirus

Adware

13.183.13379

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3048

Malwarebytes

PUP.Optional.GeForce.A

v2014.10.25.08

McAfee

Artemis!BFDD3AF0C197

5600.6967

MicroWorld eScan

Gen:Variant.Adware.Plush.2

15.0.0.894

NANO AntiVirus

Riskware.Win32.Toolbar.debtnd

0.28.2.62440

Panda Antivirus

Trj/Chgt.F

14.10.25.08

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

Quick Heal

AdWare.NSIS.r5 (Not a Virus)

10.14.14.00

Reason Heuristics

PUP.Crossrider.NarutoSource.L

14.10.25.8

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141023

Sophos

Generic PUA AA

4.98

Trend Micro House Call

TROJ_GEN.F0C2H00IC14

7.2.298

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

VIPRE Antivirus

Crossrider

33150

Zillya! Antivirus

Adware.Agent.Win32.12206

2.0.0.1937

File size:

680.4 KB (696,680 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Ge-Force.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ge-force\ge-force-bg.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 4:30:00 AM

Valid to:

7/29/2015 4:29:59 AM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

9/14/2014 2:37:07 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:TTyTveNafMoCSb2/aXaFAak8OSGT0jpF51G:T62qbM3rOVTSp31G

Entry address:

0x607BD

Entry point:

E8, 9A, CD, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 26, 4A, 00, E8, 4D, 49, 00, 00, E8, C1, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, 2D, CD, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6B, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4689

Code size:

542 KB (555,008 bytes)

The file ge-force-bg.exe has been discovered within the following program.

Ge-Force by Sailor Project

Ge-Force/iWebbar is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.

crossrider.com/install/61911-ge-forces

80% remove it

Remove ge-force-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.