home

5mbarsvc.exe

PRODUCTVERS_NAME

Mindspark Interactive Network

The application 5mbarsvc.exe, “PRODUCTVERS_TITLE” by Mindspark Interactive Network has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “MyFunCardsService”. Additionally, the file is typically installed by a number of programs including MapsGalaxy Internet Explorer Toolbar by Mindspark Interactive Network and VerifiedVPN Internet Explorer Toolbar by Mindspark Interactive Network, both potentially unwanted software.
Publisher:
COMPANYVERS_NAME  (signed by Mindspark Interactive Network)

Product:
PRODUCTVERS_NAME

Description:
PRODUCTVERS_TITLE

Version:
1, 0, 1, 0

MD5:
54d6bc524f1fb026d6eb569581e38885

SHA-1:
d6baf2c94b81c6969c88f96bb8aee92868d6310e

SHA-256:
bffd86ae8c675b96851e8f0ce5d507967ea80aca753a6cf30c7c0d2e2584d007

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 6:28:53 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Mindspark (M)
17.3.16.0

File size:
86.6 KB (88,648 bytes)

Product version:
2, 3, 0, 0

Copyright:
Copyright © 2009, 2010, 2011, 2012

Original file name:
TWOLETTERPREFIXVERSsvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\myfuncards_5m\bar\1.bin\5mbarsvc.exe

Digital Signature
Signed by:
Mindspark Interactive Network

Authority:
VeriSign, Inc.

Valid from:
4/9/2012 8:00:00 PM

Valid to:
5/6/2015 7:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
3/14/2014 7:47:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x452E

Entry point:
E8, 3C, 3F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0, 2F, 41, 00, 89, 0D, BC, 2F, 41, 00, 89, 15, B8, 2F, 41, 00, 89, 1D, B4, 2F, 41, 00, 89, 35, B0, 2F, 41, 00, 89, 3D, AC, 2F, 41, 00, 66, 8C, 15, D8, 2F, 41, 00, 66, 8C, 0D, CC, 2F, 41, 00, 66, 8C, 1D, A8, 2F, 41, 00, 66, 8C, 05, A4, 2F, 41, 00, 66, 8C, 25, A0, 2F, 41, 00, 66, 8C, 2D, 9C, 2F, 41, 00, 9C, 8F, 05, D0, 2F, 41, 00, 8B, 45, 00, A3, C4, 2F, 41, 00, 8B, 45, 04, A3, C8, 2F, 41, 00, 8D, 45, 08, A3, D4, 2F, 41...
 
[+]

Entropy:
6.3755

Code size:
50 KB (51,200 bytes)

Service
Display name:
MyFunCardsService

Service name:
MyFunCards_5mService

Type:
Win32OwnProcess


The file 5mbarsvc.exe has been discovered within the following programs.

Allin1Convert Internet Explorer Toolbar  by Mindspark Interactive Network
Functionality of the toolbar includes: - Changing the web browser's default home page to MyWebSearch.com. - Changing the browser's search provider, built-in search box to MyWebSearch.com. - Ability to modify the 'new tab' functionality to launch the modified search portal page.
support.mindspark.com
64% remove it
BringMeSports Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “As part of the download process for the Toolbar, you may be given the option to reset your Internet browser's homepage to an Ask homepage product and/or reset your new tab page to an Ask new tab product.”
67% remove it
DictionaryBoss Internet Explorer Toolbar  by Mindspark Interactive Network
Installs a potentailly unwanted Ask.com powered toolbr - "As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product.
71% remove it
FilmFanatic Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The My Web Search Toolbar sends a configuration request when you start your browser.”
73% remove it
FromDocToPDF Internet Explorer Toolbar  by Mindspark Interactive Network
FromDocToPDF Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers.
62% remove it
GamingWonderland Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The Toolbar installs into your Internet browser and allows you to search the Internet with MyWebSearch.”
73% remove it
InboxAce Internet Explorer Toolbar  by Mindspark Interactive Network
This is a web browser extension/toolbar that will modify the user's home page and search provider to Ask.com.
70% remove it
MapsGalaxy Internet Explorer Toolbar  by Mindspark Interactive Network
MapsGalaxy Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.
75% remove it
My Scrap Nook Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “Toolbar Search Functions: The Toolbar installs into your Internet browser and allows you to search the Internet with MyWebSearch® and may provide other search features as further described herein.”
66% remove it
MyFunCards Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “Certain versions of the Toolbar may include features of or links to one or more of Mindspark's FunWebProducts™ suite of websites and applications or other Mindspark- or Mindspark affiliate-provided websites or products.”
62% remove it
 
Latest 20 of 20 programs
Powered by Should I Remove It?

Remove 5mbarsvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.