Ghostery IE.exe

Ghostery IE

Evidon, Inc.

The application Ghostery IE.exe by Evidon has been detected as a potentially unwanted program by 10 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Evidon Inc.  (signed by Evidon, Inc.)

Product:
Ghostery IE

Description:
Ghostery IE exe

Version:
1.1.152.33

MD5:
3ea77d03a5a6363ff5a2df190af06097

SHA-1:
366af727ed7d65211ba9fb818e50e9ea7191aebb

SHA-256:
89f9ce6538f91d1dc14f3afc3aac061295e6c382a6af3b0cc8f3f5df7efc0e7d

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, and may deliver ads by injecting banners and text links directly into web pages.

Analysis date:
11/27/2024 9:41:26 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14927 |
| Bkav FE | W32.Clod65f.Trojan | 1.3.0.4924 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9054 |
| K7 AntiVirus | Unwanted-Program | 13.1712319 |
| Malwarebytes | PUP.Optional.DealVault.A | v2014.09.27.01 |
| McAfee | Artemis!1761062239BA | 5600.6995 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.27.1 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H0AK613 | 7.2.270 |
| VIPRE Antivirus | Crossrider | 23390 |

File size:
1000.1 KB (1,024,104 bytes)

Product version:
1.1.152.33

Copyright:
Copyright 2011

Original file name:
Ghostery IE.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ghostery ie\ghostery ie.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/13/2011 8:00:00 PM

Valid to:
3/13/2014 7:59:59 PM

Subject:
CN="Evidon, Inc.", O="Evidon, Inc.", STREET=28 W. 44th St., STREET=Ste. 800, L=New York, S=NY, PostalCode=10036, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A360D17B416CE4A553A541F18C27640A

File PE Metadata
Compilation timestamp:
1/3/2013 12:51:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ZDrmETRbE3Uv5niuz8d0vPncbaM5FFlI0eiq6qQM9cl:BmuRbAUv5niuz8d0vPnEFFVe56qQM8

Entry address:
0x9443E

Entry point:
E8, 0B, AD, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 62, C6, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 78, 6F, 4F, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 

Entropy:
6.5275

Code size:
835.5 KB (855,552 bytes)
