ge-force-novainstaller.exe

Ge-Force

iWebar

The application ge-force-novainstaller.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
iWebar

Product:
Ge-Force

Description:
Ge-Force exe

Version:
1000.1000.1000.1000

MD5:
2c68349a7ef8f5289fc94041a036511c

SHA-1:
8e0c55ad68fea2741c57dce574d97aa5b7b86911

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/24/2024 12:13:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Crossrider.iWebar.Installer.Meta (M)

Engine version:
16.7.1.13

File size:
628 KB (643,096 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Ge-Force.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ge-force\ge-force-novainstaller.exe

File PE Metadata
Compilation timestamp:
7/9/2014 12:04:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:RT9nFfqFZ+u590iP6UEXH353dm0/AZaxImpTQZam3wJj:RBFfqdSom35yobTTPV

Entry address:
0x49388

Entry point:
60, C6, C7, D9, 88, FD, F2, BB, C8, B8, 48, 61, 85, C8, 84, D6, 80, F1, 96, F2, 68, 8A, 2D, 84, 00, 68, B6, 31, C6, 00, EB, 06, BD, 2D, 2C, 10, C8, F2, 33, D2, 4B, F7, C3, 4C, 9C, 3E, 1E, FE, C0, 81, FB, 33, 11, 00, 00, 75, 05, FF, C6, B0, F2, F2, 8B, C1, FF, CD, 81, C2, 01, 00, 00, 00, 00, EF, 31, CB, FE, CB, 8A, C1, 24, 0F, F3, 0F, BE, E9, 84, CA, 81, FA, B8, 00, 00, 00, 0F, 8C, C4, FF, FF, FF, 20, C9, 0F, BF, DA, 85, C7, 68, 9C, 79, 70, 00, 0F, BF, EB, E8, 5A, 00, 00, 00, 8B, EB, C7, C5, 00, 90, 89, FC...

Code size:
444.5 KB (455,168 bytes)

Scheduled Task
Task name:
82bfa932-bd5d-4166-81ed-cb723c12a962-6

Path:
C:\WINDOWS\Tasks\82bfa932-bd5d-4166-81ed-cb723c12a962-6.job

Trigger:
Logon (Runs on logon)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-36.ip.secureserver.net (50.63.202.36:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com (54.231.33.129:80)

Powered by Reason Core Security