626d7800-9779-4789-b1f7-5cec9184bc63-10.exe

Ge-Force

Webar

The application 626d7800-9779-4789-b1f7-5cec9184bc63-10.exe has been detected as adware by 19 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Webar

Product:
Ge-Force

Description:
Ge-Force exe

Version:
1000.1000.1000.1000

MD5:
2c0af12d870e1cdaa5eae60b1f6be4e3

SHA-1:
c9ee1074529ffe9b056029f254376b615b4e8482

SHA-256:
09c7de2b1b991489c42cbe72571486c81bd172bafb2f54a2b5d49656d5638f0b

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/5/2024 3:23:04 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.171733
653

AhnLab V3 Security
PUP/Win32.CrossRider
2015.04.23

Avira AntiVirus
ADWARE/CrossRider.Gen4
3.6.1.96

avast!
Win32:Adware-CMH [PUP]
2014.9-150423

AVG
Potentially harmful program Crossrider_r.AC
2014.0.4311

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15423

Bitdefender
Gen:Variant.Adware.Graftor.171733
1.0.20.565

Dr.Web
Trojan.Crossrider1.27357
9.0.1.0228

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.171733
8.15.04.23.03

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Adware.Graftor
11.2015-23-04_5

G Data
Gen:Variant.Adware.Graftor.171733
15.4.25

Malwarebytes
PUP.Optional.CrossRider
v2015.04.23.04

MicroWorld eScan
Gen:Variant.Adware.Graftor.171733
16.0.0.339

Reason Heuristics
Adware.Crossrider.Webar
15.4.23.3

Sophos
Generic PUA OF
4.98

SUPERAntiSpyware
Adware.CrossRider/Variant
9919

VIPRE Antivirus
Trojan.Win32.Generic
39704

File size:
1.2 MB (1,210,880 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Ge-Force.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ge-force\626d7800-9779-4789-b1f7-5cec9184bc63-10.exe

File PE Metadata
Compilation timestamp:
4/22/2015 12:05:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:956zb8lsxfrqwVCuaa9+rxe1PEvfT0pSJPb5I7Qk7qgq0:36vldVCY9PPIfT0pSJPb5I7Qk7Pq0

Entry address:
0x967ED

Entry point:
E8, B1, FE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, D9, 50, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, A1, 50, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, D9, 50, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Code size:
764 KB (782,336 bytes)

Scheduled Task
Task name:
626d7800-9779-4789-b1f7-5cec9184bc63-10_user

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.81.217:80)

Remove 626d7800-9779-4789-b1f7-5cec9184bc63-10.exe - Powered by Reason Core Security