crextpgt.exe

Mindspark Toolbar Platform for Internet Explorer

Mindspark Interactive Network

The application crextpgt.exe, “Mindspark Toolbar Platform” by Mindspark Interactive Network, has been detected as a potentially unwanted program by 10 anti-malware scanners. Additionally, the file is typically installed by a number of programs including MapsGalaxy Internet Explorer Toolbar by Mindspark Interactive Network and TranslationBuddy Internet Explorer Toolbar by Mindspark Interactive Network, both potentially unwanted software. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

Publisher:
Mindspark  (signed by Mindspark Interactive Network)

Product:
Mindspark Toolbar Platform for Internet Explorer

Description:
Mindspark Toolbar Platform

Version:
1.0.7.205

MD5:
92bac85f49bbd97e53fd94fac848736d

SHA-1:
eb8bd3471580cf28057544abd4f83596a60480cc

SHA-256:
03b9f4a202539119883a986234ac1ae2ff02adcbfc83d6dfef1876f7ae782b26

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:07:37 AM UTC

Scan engine
Detection
Engine version

avast!
Win32:Mindspark-A [PUP]
2014.9-140829

AVG
Zango
2015.0.3367

Baidu Antivirus
Adware.Win32.MyWebSearch
4.0.3.14829

Fortinet FortiGate
Riskware/MyWebSearch
8/29/2014

Kaspersky
not-a-virus:WebToolbar.Win32.MyWebSearch
14.0.0.3332

Malwarebytes
PUP.Optional.MindSpark.A
v2014.08.29.02

Panda Antivirus
Adware/WebSearch
14.08.29.02

Reason Heuristics
PUP.Toolbar.MindsparkInteractiveNetwork.I
14.8.29.14

Trend Micro House Call
Suspicious_GEN.F47V0812
7.2.241

VIPRE Antivirus
32348

File size:
1 MB (1,099,336 bytes)

Product version:
2.5.15.0

Copyright:
Copyright © 2009-2014 Mindspark Interactive Network, Inc.

Original file name:
CrExtProc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\gamingwonderland\bar\1.bin\crextpgt.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 8:00:00 PM

Valid to:
5/6/2015 7:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
7/24/2014 8:13:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:YsfllX6N6L+Gk2yBds88PoB8wzXI2rgRG2Ao1TXqLcz8/k:YsfuN6L+Gk2EdwPoBXXI2MRMuZ8/k

Entry address:
0x5CA0F

Entry point:
E8, FD, B3, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 4D, 73, 00, 00, 83, C4, 14, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 83, C9, FF, 8D, 49, 00, 83, C1, 01, 8A, 06, 0A, C0, 74, 09, 83, C6, 01, 0F, A3, 04, 24, 73, EE, 8B, C1, 83, C4, 20, 5E, C9, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 53...
 

Entropy:
6.4917

Code size:
526.5 KB (539,136 bytes)

The file crextpgt.exe has been discovered within the following programs.

Allin1Convert Internet Explorer Toolbar  by Mindspark Interactive Network
Functionality of the toolbar includes: - Changing the web browser's default home page to MyWebSearch.com. - Changing the browser's search provider, built-in search box to MyWebSearch.com. - Ability to modify the 'new tab' functionality to launch the modified search portal page.
support.mindspark.com
64% remove it
APlusGamer Internet Explorer Toolbar  by Mindspark Interactive Network
This ad-supported toolbar installs a Mindspark branded Ask.com Toolbar in the user's Internet browsers. The software will modify the browser by changing the homepage and search provider to an Ask.com partner landing page. With this, it will display Ask.
70% remove it
Astrology Internet Explorer Toolbar  by Mindspark Interactive Network
This Mindspark toolbar for IE may modify the web browser's homepage and search provider to ask.com as well as change a number of the security settings of the browser. These changes will allow it to perform additional ad-supported functions in the browser.
62% remove it
CursorMania Internet Explorer Toolbar  by Mindspark Interactive Network
From the Terms of Service: "As part of the download process for the Toolbar, you may be given the option to reset your Internet browser's homepage to an Ask homepage product and/or reset your new tab page to an Ask new tab product.
70% remove it
DictionaryBoss Internet Explorer Toolbar  by Mindspark Interactive Network
Installs a potentially unwanted Ask.com powered toolbar - "As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product.
71% remove it
Elite Unzip Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The Toolbar, in the course of processing a given search query, sends a request to our servers.”
64% remove it
HeadlineAlley Internet Explorer Toolbar  by Mindspark Interactive Network
HeadlineAlley is a Mindspark web browser toolbar that is designed to modify the user's search and home pages to Ask.com (or MyWebSearch).
63% remove it
HomeworkSimplified Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The My Web Search Toolbar, in the course of processing a given search query, sends a request to our servers.”
71% remove it
HowToSimplified Internet Explorer Toolbar  by Mindspark Interactive Network
74% remove it
InboxAce Internet Explorer Toolbar  by Mindspark Interactive Network
This is a web browser extension/toolbar that will modify the user's home page and search provider to Ask.com.
70% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to xx-fbcdn-shv-01-sit4.fbcdn.net  (31.13.78.17:80)

TCP (HTTP):
Connects to a96-17-182-16.deploy.akamaitechnologies.com  (96.17.182.16:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-mrs1.fbcdn.net  (31.13.75.12:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mrs1.facebook.com  (31.13.75.36:443)

TCP (HTTP):
Connects to a84-53-132-243.deploy.akamaitechnologies.com  (84.53.132.243:80)
