uninstall.exe

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 31 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program Ge-Force by iWebar. The file is typically installed with the program Ge-Force by Sailor Project, which is a potentially unwanted software program. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
5cea58cfa81b49da784efac8b994b971

SHA-1:
000c0f975cff63ae6e09fcd1cb4fd1bf065c4c45

SHA-256:
5a10ea7e43feb2b7ddb29b438f75e93abce3efe68d6f31ea64ff3fcc5071d0ef

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 3:48:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.gqX@lWgQ4jki | 658 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.04.04 |
| Avira AntiVirus | ADWARE/CrossRider.A.16593 | 3.6.1.96 |
| avast! | Win32:Malware-gen | 2014.9-150418 |
| AVG | Generic | 2016.0.3136 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15418 |
| Bitdefender | Gen:Application.Heur.gqX@lWgQ4jki | 1.0.20.540 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 21639 |
| Dr.Web | Trojan.Crossrider1.23047 | 9.0.1.0108 |
| Emsisoft Anti-Malware | Gen:Application.Heur.gqX@lWgQ4jki | 8.15.07.19.09 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/CrossRider | 4/18/2015 |
| F-Prot | W32/S-53d6fe83 | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Application.Heur.gqX@lWgQ4jki | 11.2015-18-04_7 |
| G Data | Gen:Application.Heur.gqX@lWgQ4jki | 15.4.24 |
| K7 AntiVirus | Trojan | 13.202.15480 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2173 |
| McAfee | Artemis!5CEA58CFA81B | 5600.6792 |
| MicroWorld eScan | Gen:Application.Heur.gqX@lWgQ4jki | 16.0.0.324 |
| Norman | Gen:Application.Heur.gqX@lWgQ4jki | 11.20150719 |
| Panda Antivirus | Generic Suspicious | 15.04.18.08 |
| Qihoo 360 Security | Win32/Application.e66 | 1.0.0.1015 |
| Quick Heal | PUA.BrightCircle.OD6 | 4.15.14.00 |
| Reason Heuristics | Threat.Brightcicrle.Installer.Brightcircle | 15.4.18.4 |
| Sophos | Generic PUA AA | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02KC0EAB15 | 7.2.108 |
| Trend Micro | TROJ_GEN.R02KC0EAB15 | 10.465.18 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39038 |

File size:
98 KB (100,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ge-force\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/1/2014 7:00:00 AM

Valid to:
12/2/2015 6:59:59 AM

Subject:
CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5692390E715129E144F950D09DA6E8A

File PE Metadata
Compilation timestamp:
12/19/2014 6:07:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:Nvjqw91CRJ2XXwbvsuPZyxdR8FGw55KuZvcclxsWjcdbX/q97m:191CfyX6vFG2jR+bX/q9K

Entry address:
0x7A27

Entry point:
E8, 25, 59, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 88, 60, 41, 00, E8, 23, 0A, 00, 00, E8, 83, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, B8, 58, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 99, 52, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
63.5 KB (65,024 bytes)

Program Uninstaller
Program name:
Ge-Force

Display publisher:
iWebar

Display version:
1.35.12.18

Uninstall string:
C:\Program Files (x86)\Ge-Force\Uninstall.exe /fcp=1


The file uninstall.exe has been discovered within the following program.

Ge-Force by Sailor Project
Ge-Force/iWebar is an advertising-supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/61911-ge-forces
80% remove it
 
Powered by Should I Remove It?
