mjuxnkloidzf.exe

Ge-Force

Webar

The application mjuxnkloidzf.exe, “Ge-Force Installer” has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Webar

Product:
Ge-Force

Description:
Ge-Force Installer

Version:
1.36.01.22

MD5:
d1c673e36ef26880185f099126197baa

SHA-1:
0ae625ce5eb0139d253433eaba4594946dc09c7f

SHA-256:
f88ad8df4f5b00982ae101089ad70bdde4d528e8b1e4d1949031fcba6c7886bd

Scanner detections:
16 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/26/2024 5:05:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Parj.1
610

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.01

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

avast!
NSIS:Crossrider-EV [PUP]
2014.9-150605

Dr.Web
Trojan.Crossrider.46916
9.0.1.0156

ESET NOD32
Win32/Toolbar.CrossRider.CM potentially unwanted (variant)
9.11716

G Data
Script.Application.Plush
15.6.25

Malwarebytes
PUP.Optional.GeForce.A
v2015.06.05.02

MicroWorld eScan
Gen:Application.Parj.1
16.0.0.468

Panda Antivirus
Trj/Genetic.gen
15.06.05.02

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Downloader.Installer
15.6.4.22

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15603

Trend Micro House Call
ADW_CROSSRIDER
7.2.156

Trend Micro
ADW_CROSSRIDER
10.465.05

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
9.7 MB (10,149,962 bytes)

Copyright:
Copyright Webar

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mjuxnkloidzf.exe

File PE Metadata
Compilation timestamp:
12/4/2012 8:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:3ohq51OQVS0Wu7F23CkmefaTWK90hvTUdkG1cT6IIwiYr/UzQKm:3ohq5cQsJu7FpefYAwdf21IwG8Km

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9982  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.2.28:80)

TCP (HTTP):
Connects to ec2-50-16-227-214.compute-1.amazonaws.com  (50.16.227.214:80)

Remove mjuxnkloidzf.exe - Powered by Reason Core Security