» da1cbd75-84f6-4908-bec8-64d6e44d60bb-10.exe
Overview
Analysis
File Details
Network (5)

da1cbd75-84f6-4908-bec8-64d6e44d60bb-10.exe

Ge-Force

Webar

The application da1cbd75-84f6-4908-bec8-64d6e44d60bb-10.exe has been detected as adware by 8 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address vip1.g5.cachefly.net on port 80 using the HTTP protocol.

File name:

Publisher:

Webar

Product:

Ge-Force

Description:

Ge-Force exe

Version:

1000.1000.1000.1000

MD5:

fe54120e6e92ef5039e9a4ed2bd551ad

SHA-1:

b8144018ebb6d2791686d09271a4c21a31c38e07

SHA-256:

bc06ecd33d8ac641c932bedae54379574ff7ece20fcb7231315d181fa9a23b77

Scanner detections:

8 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

11/23/2024 5:54:26 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen7

8.3.1.6

avast!

Win32:Adware-CMH [PUP]

2014.9-150520

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.15520

ESET NOD32

Win32/Toolbar.CrossRider.CO potentially unwanted (variant)

9.11651

G Data

Win32.Adware.Crossrider

15.5.25

Malwarebytes

PUP.Optional.GeForce.A

v2015.05.20.02

Reason Heuristics

Adware.Crossrider.Webar

15.5.19.22

Sophos

AppRider

4.98

File size:

1.4 MB (1,510,912 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Ge-Force.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\ge-force\da1cbd75-84f6-4908-bec8-64d6e44d60bb-10.exe

File PE Metadata

Compilation timestamp:

5/19/2015 10:06:28 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:xQBGNJPMHPytHvwW2gS1x9moP8hF8YIodIwTZpST+Wer/6AZJmzv2OqLdb:iBGNshko+FOwTZpSTBYlZJmzv2Okdb

Entry address:

0xC6B6D

Entry point:

E8, 49, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 39, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 01, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 39, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8... 
[+]

Code size:

968 KB (991,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-216-158.mrs50.r.cloudfront.net (54.230.216.158:80)

TCP (HTTP):

Connects to ec2-54-72-9-115.eu-west-1.compute.amazonaws.com (54.72.9.115:80)

TCP (HTTP):

Connects to sage.parklogic.com (69.39.236.56:80)

TCP (HTTP):

Connects to unknown.prolexic.com (72.52.4.90:80)

TCP (HTTP):

Connects to vip1.g5.cachefly.net (205.234.175.175:80)

Remove da1cbd75-84f6-4908-bec8-64d6e44d60bb-10.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.