» cursormania.exe
Overview
Analysis
File Details
Downloads (1)

cursormania.exe

Mindspark Interactive Network

The application cursormania.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 18 anti-malware scanners. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from ak.exe.imgfarm.com.

File name:

cursormania.exe

Publisher:

Mindspark Interactive Network (signed and verified)

MD5:

2746b539feddd47d91c8c111a6174d10

SHA-1:

8b41e54c313ae8d7af5fdddb97a1b88bbfd61355

SHA-256:

72d73ba344a24744059ff131afd852cfcbb3437979ee6ef14c6a54fb169713ac

Scanner detections:

18 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 10:33:32 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:FunWeb [PUP]

2014.9-140320

AVG

AdInstaller.FunWeb

2015.0.3529

Bkav FE

W32.Clod8ee.Trojan

1.3.0.4959

Clam AntiVirus

Adware.FunWebProducts

0.98/18355

Dr.Web

Adware.Funweb.23

9.0.1.079

Emsisoft Anti-Malware

Gen:Variant.Chinky

8.14.03.20.05

ESET NOD32

Win32/AdInstaller (variant)

8.9552

Fortinet FortiGate

Adware/FunWeb

3/20/2014

F-Prot

W32/FunWeb.D@adw

v6.4.7.1.166

Kaspersky

not-a-virus:WebToolbar.Win32.MyWebSearch

14.0.0.4141

NANO AntiVirus

Riskware.Win32.FunWeb.tnunj

0.28.0.58394

Norman

Suspicious_Gen2.MNFGR

11.20140320

nProtect

Trojan-Clicker/W32.Agent.140864

14.03.17.01

Reason Heuristics

PUP.MindsparkInteractiveNetwork.L

14.8.8.2

Rising Antivirus

PE:Trojan.Win32.Generic.1523C486!354665606

23.00.65.14318

Total Defense

Win32/Adware.DQ

37.0.10823

Vba32 AntiVirus

AdWare.FunWeb

3.12.24.3

VIPRE Antivirus

MyWebSearch.J

27470

File size:

137.6 KB (140,864 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\cursormania.exe

Digital Signature

Signed by:

Mindspark Interactive Network

Authority:

VeriSign, Inc.

Valid from:

5/30/2010 8:00:00 PM

Valid to:

5/6/2012 7:59:59 PM

Subject:

CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

41730EB0E6D92A476E16628A0DBEFB36

File PE Metadata

Compilation timestamp:

3/24/2011 9:53:01 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:xODn1Orjqi6oaGd3K2jXjvyBvo0vVD4HtF:gROy09d3jX72qX

Entry address:

0x15FC

Entry point:

55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, 68, 30, 40, 00, A3, 8C, 41, 40, 00, FF, 15, 64, 30, 40, 00, 8B, 1D, 60, 30, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, DC, 30, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 5C, 30, 40, 00, E8, 2D, 00, 00, 00, F6, 45... 
[+]

Entropy:

7.4348

Developed / compiled with:

Microsoft Visual C++

Code size:

8 KB (8,192 bytes)

The file cursormania.exe has been seen being distributed by the following URL.

http://ak.exe.imgfarm.com/images/nocache/mindspark/ei/.../CursorMania.exe

Remove cursormania.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.