» gtmedint.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (10)
Network (2)

gtmedint.exe

Mindspark Toolbar Platform for Internet Explorer

Mindspark Interactive Network

The application gtmedint.exe, “Mindspark Toolbar Platform” by Mindspark Interactive Network has been detected as a potentially unwanted program by 10 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GamingWonderland EPM Support’. Additionally, the file is typically installed by a number of programs including MapsGalaxy Internet Explorer Toolbar by Mindspark Interactive Network and TranslationBuddy Internet Explorer Toolbar by Mindspark Interactive Network, both potentially unwanted software. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

File name:

gtmedint.exe

Publisher:

Mindspark (signed by Mindspark Interactive Network)

Product:

Mindspark Toolbar Platform for Internet Explorer

Description:

Mindspark Toolbar Platform

Version:

1.0.7.205

MD5:

df5ce0e2d96d747ed9fd82d6128cd393

SHA-1:

6a18914283455d7a001e4114589276e8d2b89236

SHA-256:

5eeafab502b117d020c82aa8772d7d10016abab1f04d04b8d2efdbbe14505492

Scanner detections:

10 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 10:13:43 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mindspark-A [PUP]

2014.9-140829

AVG

Zango

2015.0.3367

Baidu Antivirus

Adware.Win32.MyWebSearch

4.0.3.14829

Fortinet FortiGate

Riskware/MyWebSearch

8/29/2014

Kaspersky

not-a-virus:WebToolbar.Win32.MyWebSearch

14.0.0.3332

Malwarebytes

PUP.Optional.MindSpark.A

v2014.08.29.02

Panda Antivirus

Adware/WebSearch

14.08.29.02

Reason Heuristics

Plugin.MyWebSearch.Toolbar.I

14.8.29.14

Trend Micro House Call

Suspicious_GEN.F47V0812

7.2.241

VIPRE Antivirus

IBIS.WebSearch Toolbar

32348

File size:

12.6 KB (12,872 bytes)

Product version:

2.5.15.0

Original file name:

t8MedInt.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\gamingwonderland\bar\1.bin\gtmedint.exe

Digital Signature

Signed by:

Mindspark Interactive Network

Authority:

VeriSign, Inc.

Valid from:

4/9/2012 8:00:00 PM

Valid to:

5/6/2015 7:59:59 PM

Subject:

CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

098417F7EA6406EC7B320590E17A65B7

File PE Metadata

Compilation timestamp:

7/24/2014 8:13:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

192:d5UqlID8GqwWe3aW/cnYe+PjPh+rO4dj+vyge8r9ZCspE+TMYrVmXxc13kh:TUfD8GqwWe3aW0nYPLhHuVteMMmBv

Entry address:

0x103B

Entry point:

55, 8B, EC, B8, 50, 81, 00, 00, E8, 68, 02, 00, 00, 53, 56, 57, FF, 15, 0C, 20, 40, 00, 32, D2, 8A, 08, 80, F9, 20, 7F, 08, 84, C9, 74, 11, 84, D2, 74, 0D, 80, F9, 22, 75, 05, 84, D2, 0F, 94, C2, 40, EB, E4, 8A, 08, 84, C9, 74, 08, 80, F9, 20, 7F, 03, 40, EB, F2, 8D, 8D, B0, 7E, FF, FF, 8B, D0, 8B, C1, 33, FF, BE, 00, 80, 00, 00, 2B, D0, 8D, 86, FE, 7F, FF, 7F, 85, C0, 74, 0D, 8A, 04, 0A, 84, C0, 74, 06, 88, 01, 41, 4E, 75, E9, 85, F6, 75, 06, 49, BF, 7A, 00, 07, 80, C6, 01, 00, 89, 7D, FC, 85, FF, 0F, 88... 
[+]

Entropy:

6.3816

Developed / compiled with:

Microsoft Visual C++

Code size:

1024 Bytes (1,024 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

GamingWonderland EPM Support

Command:

"C:\Program Files2\gaming~2\bar\1.bin\gtmedint.exe" t8epmsup.dll,s

The file gtmedint.exe has been discovered within the following programs.

Allin1Convert Internet Explorer Toolbar by Mindspark Interactive Network

Functionality of the toolbar includes: - Changing the web browser's default home page to MyWebSearch.com. - Changing the browser's search provider, built-in search box to MyWebSearch.com. - Ability to modify the 'new tab' functionality to launch the modified search portal page.

support.mindspark.com

64% remove it

APlusGamer Internet Explorer Toolbar by Mindspark Interactive Network

This ad-supported toolbar installs a Mindspark branded Ask.com Toolbar in the user's Internet browsers. The software will modify the browser by changing the homepage and search provider to an Ask.com partner landing page. With this, it will display Ask.

70% remove it

Astrology Internet Explorer Toolbar by Mindspark Interactive Network

This Mindspark toolbar for IE may modify the web browser's homepage and search provider to ask.com as well as change a number of the security settings of the browser. These changes will allow it to perform additional ad-supported functions in the browser.

62% remove it

CursorMania Internet Explorer Toolbar by Mindspark Interactive Network

From the Terms of Service: "As part of the download process for the Toolbar, you may be given the option to reset your Internet browser's homepage to an Ask homepage product and/or reset your new tab page to an Ask new tab product.

70% remove it

DictionaryBoss Internet Explorer Toolbar by Mindspark Interactive Network

Installs a potentailly unwanted Ask.com powered toolbr - "As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product.

71% remove it

Elite Unzip Internet Explorer Toolbar by Mindspark Interactive Network

Publisher's description - “The Toolbar, in the course of processing a given search query, sends a request to our servers.”

64% remove it

HeadlineAlley Internet Explorer Toolbar by Mindspark Interactive Network

HeadlineAlley is a Mindspark web browser toolbar that is designed to modify the users search and home pages to Ask.com (or MyWebSearch).

63% remove it

HomeworkSimplified Internet Explorer Toolbar by Mindspark Interactive Network

Publisher's description - “The My Web Search Toolbar, in the course of processing a given search query, sends a request to our servers.”

71% remove it

HowToSimplified Internet Explorer Toolbar by Mindspark Interactive Network

74% remove it

InboxAce Internet Explorer Toolbar by Mindspark Interactive Network

This is a web browser extension/toolbar that will modify the user's home page and search provider to Ask.com.

70% remove it

Latest 20 of 20 programs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-37-181-163.deploy.static.akamaitechnologies.com (23.37.181.163:80)

TCP (HTTP):

Connects to host-213.158.175.105.tedata.net (213.158.175.105:80)

Remove gtmedint.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.