» ge-force-buttonutil.dll
Overview
Analysis
File Details
Programs (1)

ge-force-buttonutil.dll

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module ge-force-buttonutil.dll by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program Ge-Force by Sailor Project which is a potentially unwanted software program. The ButtonUtil module (32-bit version) uses the Crossrider web extension monetization toolkit and will perform a number of helper integration activities on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Armageddon Labs (BrightCircle Investments Limited) (signed and verified)

MD5:

334f2df8f1719a1d5e7083fa2192ce7f

SHA-1:

dd840dbb81037c50f5059b4c903f94f24cd953d1

SHA-256:

af9d3c204ce43be3785fa1649e408fd03c03a336138a552530f1e05472996a5a

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Armageddon Labs (BrightCircle Investments Limited).

Analysis date:

4/26/2024 4:23:11 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.zy5@ke3uzKbi

6213306

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.197.30

AVG

Generic

2015.0.3253

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141223

Bitdefender

Gen:Application.Heur.zy5@ke3uzKbi

1.0.20.1780

Dr.Web

DLOADER.Trojan

9.0.1.0356

Emsisoft Anti-Malware

Gen:Application.Heur.zy5@ke3uzKbi

9.0.0.4668

ESET NOD32

Win32/Toolbar.CrossRider.BD potentially unwanted application

7.0.302.0

F-Secure

Gen:Application.Heur.zy5@ke3uzKbi

11.2014-22-12_2

G Data

Gen:Application.Heur.zy5@ke3uzKbi

14.12.24

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

15.0.0.543

MicroWorld eScan

Gen:Application.Heur.zy5@ke3uzKbi

15.0.0.1068

Norman

Gen:Application.Heur.zy5@ke3uzKbi

04.12.2014 14:30:06

Panda Antivirus

Generic Suspicious

14.12.23.12

Qihoo 360 Security

Win32/Application.df5

1.0.0.1015

Reason Heuristics

PUP.Crossrider.ArmageddonLabsBrightCircleInvestmentsLimited.T

15.1.4.17

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141220

Sophos

PUA 'AppRider' (of type Adware)

5.09

File size:

401.5 KB (411,104 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\ge-force\ge-force-buttonutil.dll

Digital Signature

Signed by:

Armageddon Labs (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

12/1/2014 1:00:00 AM

Valid to:

12/2/2015 12:59:59 AM

Subject:

CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C5692390E715129E144F950D09DA6E8A

File PE Metadata

Compilation timestamp:

12/21/2014 12:33:53 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:YvTomN3S1mY2CmvOTXNS3ZfDuz1n1Q1S3+TB4BUK82PFVn6L:YvNC1R2CmvOTXmbujZ3+T6+KdtVn6L

Entry address:

0x29223

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 97, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E0, 12, 05, 10, E8, 0E, 36, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 48, 91, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 30, 79, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

261.5 KB (267,776 bytes)

The file ge-force-buttonutil.dll has been discovered within the following program.

Ge-Force by Sailor Project

Ge-Force/iWebbar is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.

crossrider.com/install/61911-ge-forces

80% remove it

Remove ge-force-buttonutil.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.