home

trojezwonybig.exe

Ge-Force

Webar

The application trojezwonybig.exe, “Ge-Force Installer” has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.
Publisher:
Webar

Product:
Ge-Force

Description:
Ge-Force Installer

Version:
1.36.01.22

MD5:
72a19f87fd81a6bba98f88e09f324d37

SHA-1:
e0d6ba88409869db296b7d5d458631532bc23a9d

SHA-256:
fc125cc2dad8c75efa0051df9f5e36640cf93c9fdaf85c31e44f53005af74784

Scanner detections:
25 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/18/2024 9:01:51 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.JS.Crossrider.B
5703047

Agnitum Outpost
Riskware.VMDetector
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.05.21

Avira AntiVirus
ADWARE/Agent.852480.13
8.3.1.6

avast!
Adware-UE [PUP]
151004-0

AVG
Crossrider
2016.0.2920

Dr.Web
Trojan.DownLoader14.10941
9.0.1.05190

ESET NOD32
Win32/Packed.VMDetector.I potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/CrossRider
11/19/2015

G Data
Script.Application.Plush
15.11.25

K7 AntiVirus
Adware
13.204.15979

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.562

Malwarebytes
PUP.Optional.CrossRider.A
v2015.11.19.03

McAfee
Artemis!72A19F87FD81
5600.6576

MicroWorld eScan
Adware.JS.Crossrider.B
16.0.0.969

NANO AntiVirus
Trojan.Win32.Crossrider1.dqurbu
0.30.24.1636

Panda Antivirus
Generic Suspicious
15.11.19.03

Qihoo 360 Security
HEUR/QVM20.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Downloader.Installer
15.4.19.1

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.151117

Trend Micro House Call
TROJ_GE.9EF839A1
7.2.323

Trend Micro
TROJ_GE.9EF839A1
10.465.19

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Threat.4725471
45208

Zillya! Antivirus
Trojan.BlackGen.Win32.11
2.0.0.2185

File size:
10.7 MB (11,191,053 bytes)

Copyright:
Copyright Webar

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\trojezwonybig.exe

File PE Metadata
Compilation timestamp:
12/4/2012 7:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:wEdqndjM8DG/k3a2pESEnW+6hqba96nYy3uExq27ent67fDDwp:wECq8VTrEW+6XEuExT7et67fPwp

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9988  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Remove trojezwonybig.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.