3kbrmon.exe

Mindspark Interactive Network

This is the startup monitor for the Mindspark/MyWebSearch toolbar; it monitors the toolbar within the browser to make sure it loads and updates. The application 3kbrmon.exe, “CrazyForCricket Browser Plugin Loader” by Mindspark Interactive Network, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs in to Windows (through the local user run registry setting) under the name ‘CrazyForCricket_3k Browser Plugin Loader’.

Publisher:
CrazyForCricket  (signed by Mindspark Interactive Network)

Product:
CrazyForCricket

Description:
CrazyForCricket Browser Plugin Loader

Version:
1,0,0,2

MD5:
3b847ad88c06d36b993579a1887e1a7c

SHA-1:
e6190036aa0e96c611310a1992208daa237dca42

SHA-256:
53b6174c2b4d5de260118933b836fc471931a54c12605d6c91236aa9c0108072

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 12:58:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Mindspark.MindsparkInteractiveNetwork (M)

Engine version:
16.2.14.8

File size:
25.9 KB (26,560 bytes)

Product version:
2,3,0,0

Copyright:
Copyright © 2010

Original file name:
3kbrmon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\crazyforcricket_3k\bar\1.bin\3kbrmon.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/31/2010 5:30:00 AM

Valid to:
5/7/2012 5:29:59 AM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
41730EB0E6D92A476E16628A0DBEFB36

File PE Metadata
Compilation timestamp:
9/29/2010 4:54:43 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:d+z9hXcLL9xkcHHgE2piIUnUSxC+ebCf3EkQpkqs1IPMyowJL/hdDmu:d+YLLTkcHMqx0bCf1qMYJLuu

Entry address:
0x1460

Entry point:
83, EC, 44, 53, 56, 6A, 00, FF, 15, 3C, 20, 40, 00, A3, 1C, 32, 40, 00, FF, 15, 38, 20, 40, 00, 8B, 1D, 34, 20, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, 8C, 20, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 0F, 3C, 20, 7F, 0B, 56, FF, D7, 8B, F0, 8A, 06, 84, C0, 75, F1, 8D, 44, 24, 0C, C7, 44, 24, 38, 00, 00, 00, 00, 50...
Entropy:
3.7547

Code size:
4 KB (4,096 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CrazyForCricket_3k Browser Plugin Loader

Command:
C:\Program Files2\crazyf~2\bar\1.bin\3kbrmon.exe