ge-force-buttonutil.dll

Selecao Technologies (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module ge-force-buttonutil.dll by Selecao Technologies (Bright Circle Investments) has been detected as adware by 28 anti-malware scanners. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and performs a number of helper integration activities on the user's web browsers as well as the Windows Shell in order to install the add-on. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:

MD5:
21927fe25266a3ca3d1bf11a6356df09

SHA-1:
6f51e2d9c40e5a2bcd6eeb6a9e9f6d56b340144c

SHA-256:
9d34fdb1a45d9dd4c09b40240eb3254117eed20d26b3f38ce6e8d2c1e51dc5d9

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Selecao Technologies (Bright Circle Investments Ltd).

Analysis date:
4/23/2024 3:48:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.By5@mi78CEgi | 707 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.02.18 |
| Avira AntiVirus | Adware/CrossRider.ZZ | 7.11.210.224 |
| avast! | Win32:Crossrider-CC [PUP] | 2014.9-150227 |
| AVG | Generic | 2016.0.3185 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15227 |
| Bitdefender | Gen:Application.Heur.By5@mi78CEgi | 1.0.20.290 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | DLOADER.Trojan | 9.0.1.058 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BD potentially unwanted (variant) | 9.11193 |
| Fortinet FortiGate | Riskware/CrossRider | 2/27/2015 |
| F-Prot | W32/S-26f49d43 | v6.4.7.1.166 |
| F-Secure | Gen:Application.Heur.By5@mi78CEgi | 11.2015-27-02_6 |
| G Data | Gen:Application.Heur.By5@mi78CEgi | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.196.14999 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2420 |
| McAfee | Artemis!21927FE25266 | 5600.6841 |
| MicroWorld eScan | Gen:Application.Heur.By5@mi78CEgi | 16.0.0.174 |
| NANO AntiVirus | Trojan.Win32.CrossRider.dncmbx | 0.30.0.126 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.27.09 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.Crossrider.Brightcircle | 15.2.27.22 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15225 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00AP15 | 7.2.58 |
| Trend Micro | TROJ_GEN.F0C2C00AP15 | 10.465.27 |
| VIPRE Antivirus | Crossrider | 37672 |
| Zillya! Antivirus | Adware.CrossRider.Win32.2386 | 2.0.0.2071 |

File size:
444 KB (454,632 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\ge-force\ge-force-buttonutil.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Selecao Technologies (Bright Circle Investments Ltd), O=Selecao Technologies (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3F2791037D410A199539AA4A99F7DEB3

File PE Metadata
Compilation timestamp:
1/19/2015 9:34:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Z/DitynwPM4+LXKlqNBCorymRDM9KTB+BxvkBv2z+y03G:ZPnOMBNB3pmKTsBhkEi3G

Entry address:
0x2EBD3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 78, A2, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 21, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 80, 34, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3798

Developed / compiled with:
Microsoft Visual C++

Code size:
307 KB (314,368 bytes)
