ge-force-buttonutil64.dll

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The module ge-force-buttonutil64.dll by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program Ge-Force by Sailor Project, which is a potentially unwanted software program. The ButtonUtil module (64-bit version) uses the Crossrider web extension platform and performs a number of helper integrations with the user's web browsers as well as the Windows Shell in order to install the add-on. It is distributed as part of the BrightCircle group of browser extensions.
Publisher:

MD5:
7c3b3ea35f9a45bf857b6d08fc83b7ec

SHA-1:
93abc0f4cda6abb4001b8a8fe6228a8ffeedde8a

SHA-256:
9794b2c88f69fb02cac88e79c8db4dc2c1ce53238ebbb62a27015ad781f48119

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. Distributed through the BrightCircle Investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is BadFinger Project (BrightCircle Investments Limited).

Analysis date:
5/13/2024 12:07:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win64.CrossRider | 2014.12.15 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.195.162 |
| AVG | Generic | 2016.0.3189 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15223 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM (variant) | 9.10878 |
| Fortinet FortiGate | Adware/Adwapper | 2/23/2015 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2441 |
| McAfee | Artemis!7C3B3EA35F9A | 5600.6845 |
| Panda Antivirus | Generic Suspicious | 15.02.23.05 |
| Reason Heuristics | Adware.Crossrider.Brightcircle | 15.2.23.17 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35740 |

File size:
519.5 KB (531,936 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\ge-force\ge-force-buttonutil64.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 8:00:00 AM

Valid to:
11/18/2015 7:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/9/2014 7:02:29 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:0lx3y0QKBADGGVcgTvqP4YjYziWoH2IUwIB8OVhu8EloWuSKjCJySG1Z9Tku89Wn:25+1DGS1Mucmi+TXDOuOFAh

Entry address:
0x32F7C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 9F, A5, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 10, 5E, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...
 

Entropy:
6.2615

Code size:
349 KB (357,376 bytes)

The file ge-force-buttonutil64.dll has been discovered within the following program:

Ge-Force by Sailor Project
Ge-Force/iWebbar is an advertising-supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/61911-ge-forces
80% remove it
 