bringmesportssetup2.5.15.8.^yl^man000^yya^.exe

Mindspark Interactive Network

This is the installer stub for the Mindspark (BringMeSports/Ask) browser toolbar. It presents the end user with an offer to install the toolbar and to set the browser's search, home page and new tab to an Ask.com search destination. The application bringmesportssetup2.5.15.8.^yl^man000^yya^.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 17 anti-malware scanners. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

Publisher:
BringMeSports  (signed by Mindspark Interactive Network)

Product:
BringMeSports

Version:
2, 0, 5, 6

MD5:
8e6472196281f63f66111315cf259310

SHA-1:
e1b1e6ec264920b82f050ff3b61a4d20a50c6789

SHA-256:
3bb7f57998f772222bc766454bfcfccc3f2a3d14b5b409513174d7d5264d23f2

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Analysis date:
4/18/2024 11:26:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.MyWebSearch | 7.1.1 |
| avast! | Win32:Mindspark-A [PUP] | 141119-1 |
| AVG | Potentially harmful program MyWebSearch | 2014.0.4189 |
| Baidu Antivirus | Adware.Win32.MyWebSearch | 4.0.3.141128 |
| Clam AntiVirus | | 0.98/21511 |
| Dr.Web | infected with Trojan.KillFiles.15499 | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch.V potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/FunWeb | 11/26/2014 |
| G Data | Win32.Adware.Mindspark | 14.11.24 |
| Kaspersky | not-a-virus:WebToolbar.Win32.MyWebSearch | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MindSpark.A | v2014.11.28.01 |
| McAfee | Artemis!84571964A4C6 | 5600.6934 |
| NANO AntiVirus | Riskware.Win32.WebSearch.dedrnq | 0.28.6.63726 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.ce0 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.MindsparkInteractiveNetwork.g | 14.11.26.10 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14BC5C6C!347888748 | 23.00.65.141124 |
| VIPRE Antivirus | Threat.200876 | 35088 |

File size:
5.7 MB (5,970,312 bytes)

Product version:
2, 0, 5, 6

Copyright:
Copyright © 2009 - 2014

Original file name:
1cSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bringmesportssetup2.5.15.8.^yl^man000^yya^.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 8:00:00 PM

Valid to:
5/6/2015 7:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
10/31/2014 2:00:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:fLoJGtTHwxxiObinqFQppdTBsW7wkIzqHScy0o0Gtb1rgM8ADv:EEt0fiOunqo0Ewr6St0o9bCM8k

Entry address:
0x3E59

Entry point:
55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, 00, 51, 40, 00, A3, 14, 8B, 40, 00, FF, 15, 8C, 50, 40, 00, 8B, 1D, 88, 50, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, 64, 51, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 84, 50, 40, 00, E8, 2D, 00, 00, 00, F6, 45...
 

Entropy:
7.6986

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com  (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com  (74.113.233.187:80)