downspeedtest.82f321c892ab478fa961e3c928e0cded.exe

DownSpeedTest

Mindspark Interactive Network

The file downspeedtest.82f321c892ab478fa961e3c928e0cded.exe, “DownSpeedTest Setup” by Mindspark Interactive Network, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from ak.imgfarm.com and multiple other hosts.

Publisher:
Mindspark Interactive Network, Inc.  (signed by Mindspark Interactive Network)

Product:
DownSpeedTest

Description:
DownSpeedTest Setup

Version:
2.7.1.1000

MD5:
ced323c45b7fdd1fc9b083aad5964177

SHA-1:
87e3d5e722c8842b2071239d890fb0816085cd22

SHA-256:
580e2da0c4fdddf4245be5b9a5be538c617bab6a98b28455a13a4506247a4ef8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/28/2018 9:41:15 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Mindspark (M)

Engine version:
16.10.24.18

File size:
366.2 KB (375,016 bytes)

Product version:
2.7.1.1000

Copyright:
© 2015 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Trademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\downspeedtest.82f321c892ab478fa961e3c928e0cded.exe.iphlhjf.partial

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/20/2015 1:00:00 AM

Valid to:
6/19/2018 12:59:59 AM

Subject:
CN=Mindspark Interactive Network, O=Mindspark Interactive Network, L=Yonkers, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
438D4291E43C2DFFEEAAAEE5B6C070B5

File PE Metadata
Compilation timestamp:
12/25/2013 5:01:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:1bUTp1QgO8JdpvCgNvM+/87wBeat1RAAx94DqoJ4XPRSDJikrHLAPS7EQRMuOBfH:1IgopvD87wBe2Rf4DqoGPRSDskrHMBQ2

Entry address:
0x3229

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 14, C7, 44, 24, 10, D8, A2, 40, 00, 89, 6C, 24, 1C, FF, 15, 34, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 81, 40, 00, 55, FF, 15, AC, 82, 40, 00, 6A, 08, A3, 58, 4F, 43, 00, E8, 9F, 2E, 00, 00, A3, A4, 4E, 43, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, B8, B1, 42, 00, FF, 15, 7C, 81, 40, 00, 68, C0, A2, 40, 00, 68, A0, 3E, 43, 00, E8, 0A, 2B, 00, 00, FF, 15, 38, 81, 40, 00, BB, 00, F0, 43, 00, 50, 53, E8, F8, 2A, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
24.5 KB (25,088 bytes)

The file downspeedtest.82f321c892ab478fa961e3c928e0cded.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 964 download URLs

The executing file has been seen to make the following network communications in live environments.
