home

ge-force-bho.dll

Ge-Force

ColoColo Apps (Bright Circle Investments Ltd)

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module ge-force-bho.dll by ColoColo Apps (Bright Circle Investments) has been detected as adware by 13 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘8428d718dc914fc88611ddb378d6dc100069795’. This is the Browser Helper Object (BHO) for the Crossrider web browser platform for Internet Explorer. Instead of utilizing a traditional IE Toolbar, it installs a BHO in the browser in order to manage the functionality of the addon. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Webar  (signed by ColoColo Apps (Bright Circle Investments Ltd))

Product:
Ge-Force

Description:
Ge-Force BHO

Version:
1000.1000.1000.1000

MD5:
70841b552980b3327370692bb5ae31be

SHA-1:
d5fa6da9e42dc839a84bdd0ac37b79c73ba82c42

SHA-256:
a903e051376a8165ac4a9106ab7ce412b2222e0f2183ad155ac0a05db76b60de

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is ColoColo Apps (Bright Circle Investments Ltd).

Analysis date:
4/20/2024 5:18:36 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen
7.11.205.178

avast!
Win32:Crossrider-CD [PUP]
2014.9-150606

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.15128

Dr.Web
Trojan.Crossrider1.22980
9.0.1.0157

ESET NOD32
Win32/Toolbar.CrossRider.BA potentially unwanted application
7.0.302.0

Kaspersky
not-a-virus:HEUR:AdWare.Win32.CrossRider
14.0.0.2573

Malwarebytes
PUP.Optional.GoHD.A
v2015.06.06.01

Panda Antivirus
Trj/Genetic.gen
15.01.28.11

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.CrossRider.BHO.Brightcircle
15.2.10.11

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15126

Sophos
Generic PUA EG
4.98

VIPRE Antivirus
Threat.4789396
36666

File size:
757.5 KB (775,640 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Ge-Force.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\ge-force\ge-force-bho.dll

Digital Signature
Signed by:
ColoColo Apps (Bright Circle Investments Ltd)

Authority:
COMODO CA Limited

Valid from:
12/15/2014 10:00:00 PM

Valid to:
12/16/2015 9:59:59 PM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

Registration
CLSIDs:
{11111111-1111-1111-1111-110611971195}, {22222222-2222-2222-2222-220622972295}

ProgIDs:
8428d718dc914fc88611ddb378d6dc100069795.BHO.1, 8428d718dc914fc88611ddb378d6dc100069795.Sandbox.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/28/2015 9:05:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:B0AujLTMusFsT135gJf7UUhFsoWDa8obY0wMzX/jHrPzCGKuSWD8QUIMgPrHj/bP:yAULTvseTl5g5gUDspwY0wMzX/jHrPzT

Entry address:
0x651A4

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 5D, C9, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 58, 93, 0A, 10, E8, ED, 49, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 20, F0, 0A, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 14, AF, 09, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
573 KB (586,752 bytes)

Internet Explorer BHO
Display name:
8428d718dc914fc88611ddb378d6dc100069795

CLSID:
{11111111-1111-1111-1111-110611971195}

CLSID name:
Ge-Force


Remove ge-force-bho.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.