home

ge-force-buttonutil64.dll

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The module ge-force-buttonutil64.dll by Naruto Source has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program Ge-Force by Sailor Project which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and will perform a number of helper integration on the user's web browser's as well as the Window's Shell in order to install the addon. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Naruto Source  (signed and verified)

MD5:
25b5373a2410d366e708265b166e0d10

SHA-1:
93172f036ceb041c17b841ab3593c5eed43ac12d

SHA-256:
6e561d68b71809bf253a01b7553d87beadbc70b9ee4b7581a7cce96dfce5974a

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Naruto Source.

Analysis date:
4/23/2024 9:32:21 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/CrossRider.pq
7.11.170.42

AVG
Generic
2015.0.3365

ESET NOD32
Win64/Toolbar.Crossrider (variant)
8.10341

IKARUS anti.virus
PUA.Toolbar.CrossRider
t3scan.1.7.5.0

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
14.0.0.3319

McAfee
Artemis!25B5373A2410
5600.7021

Panda Antivirus
Trj/Chgt.E
14.09.01.04

Qihoo 360 Security
Win32/Virus.Adware.970
1.0.0.1015

Reason Heuristics
PUP.Crossrider.NarutoSource.V
14.9.1.4

File size:
438.4 KB (448,872 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\ge-force\ge-force-buttonutil64.dll

Digital Signature
Signed by:
Naruto Source

Authority:
COMODO CA Limited

Valid from:
7/28/2014 8:00:00 AM

Valid to:
7/29/2015 7:59:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/28/2014 6:02:58 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:YT+GkVGDElTQ0L/RJctlLdM28S7YcThUgIKI5/bXvXGM+zTcmENkIzaTBbvJDTCk:GdlfM/ammukIzaTVFp3els

Entry address:
0x2C0CC

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, A9, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, A0, AC, 03, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 
[+]

Entropy:
6.2192

Code size:
287 KB (293,888 bytes)

The file ge-force-buttonutil64.dll has been discovered within the following program.

Ge-Force  by Sailor Project
Ge-Force/iWebbar is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/61911-ge-forces
80% remove it
 
Powered by Should I Remove It?

Remove ge-force-buttonutil64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.