eliteunzipsetup.eliteunzip_aa.ffjcmnpnoopgilmnfhloocdcbnimmmea.ch.exe

Elite Unzip

Mindspark Interactive Network

This is the installer stub for the Mindspark (Mindspark Interactive Network/Ask) browser toolbar. It offers the end user the option to install the toolbar and to set the browser's search, home page and new tab to an Ask.com search destination. The application eliteunzipsetup.eliteunzip_aa.ffjcmnpnoopgilmnfhloocdcbnimmmea.ch.exe, “Elite Unzip Setup” by Mindspark Interactive Network, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. This file is typically installed with the program Elite Unzip Internet Explorer Toolbar by Mindspark Interactive Network, which is a potentially unwanted software program. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

Publisher:
Mindspark Interactive Network  (signed and verified)

Product:
Elite Unzip

Description:
Elite Unzip Setup

Version:
1.2.8161.280

MD5:
6e6030d3165f4ff152839d789548a135

SHA-1:
5bf92e5db8af7ea064b538093dd2e865b7071c5a

SHA-256:
ba0295710678a9ce9e4ac0845ff4bdd7438a3e6009940b657b8e7d5764d7d382

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Analysis date:
12/13/2018 5:52:32 PM UTC

Scan engine
Detection
Engine version

avast!
Win32:Mindspark-A [PUP]
2014.9-141123

AVG
MyWebSearch
2015.0.3281

Baidu Antivirus
Adware.Win32.MyWebSearch
4.0.3.141123

G Data
Win32.Adware.Mindspark
14.11.24

Malwarebytes
PUP.Optional.MindSpark.A
v2014.11.23.05

McAfee
Artemis!6E6030D3165F
5600.6937

Reason Heuristics
PUP.Installer.MindsparkInteractiveNetwork.
14.11.23.17

Trend Micro House Call
Suspicious_GEN.F47V1121
7.2.327

VIPRE Antivirus
35064

File size:
4 MB (4,161,288 bytes)

Product version:
1.1.8161.280

Copyright:
© 2014 Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Trademarks:
® & ™ Mindspark Interactive Network, Inc. An IAC Company. All rights reserved.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\eliteunzipsetup.eliteunzip_aa.ffjcmnpnoopgilmnfhloocdcbnimmmea.ch.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 7:00:00 PM

Valid to:
5/6/2015 6:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
8/27/2013 2:10:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:BhIm0gDHMxJOd6uxcLQ4x8x1UGomgkUinzEdjzpY5re2y3bJJFYzOz:TImhCo6uGLBgev1ktnGS5yLJLGOz

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...
 

Entropy:
7.9095  (probably packed)

Code size:
22 KB (22,528 bytes)

The file eliteunzipsetup.eliteunzip_aa.ffjcmnpnoopgilmnfhloocdcbnimmmea.ch.exe has been discovered within the following program.

Elite Unzip Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The Toolbar, in the course of processing a given search query, sends a request to our servers.”
support.mindspark.com
64% remove it
 

The file eliteunzipsetup.eliteunzip_aa.ffjcmnpnoopgilmnfhloocdcbnimmmea.ch.exe has been seen being distributed by the following 20 URLs.

http://ak.dl.freeeliteunzip.com/images/nocache/vicinio/executable-packages/EliteUnzip/1416503515054/.../EliteUnzipSetup.EliteUnzip_aa.gpdjcoccminpbgmiffhifdcnelpojeeb.ch.exe