home

inboxace.exe

Mindspark Interactive Network

The application inboxace.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 13 anti-malware scanners. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from ak.imgfarm.com.
Publisher:
Mindspark Interactive Network  (signed and verified)

MD5:
be04d143f0d6c41896e16e8acec1889b

SHA-1:
7d5f016736535f86dfd7f3277c03d9737a3a0d07

SHA-256:
2000bd3ca1f10a1856f386626a8c66b5041ea83b11e40bbe563e73970981d955

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:18:52 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.FunWeb
2014.07.04

avast!
Win32:Mindspark-A [PUP]
2014.9-140725

AVG
Zango
2015.0.3403

Baidu Antivirus
Adware.Win32.AdInstaller
4.0.3.14725

Dr.Web
Adware.MyWebSearch.50
9.0.1.0206

ESET NOD32
Win32/AdInstaller (variant)
8.10039

Fortinet FortiGate
Riskware/AdInstaller
7/25/2014

Malwarebytes
PUP.Optional.MindSpark.A
v2014.07.25.10

NANO AntiVirus
Trojan.Win32.MyWebSearch.crfjnq
0.28.0.60577

Panda Antivirus
Application/FunWeb
14.07.25.10

Reason Heuristics
PUP.MindsparkInteractiveNetwork.I
14.8.8.2

Trend Micro House Call
TROJ_GEN.F47V0402
7.2.206

VIPRE Antivirus
MyWebSearch.J
30914

File size:
432.9 KB (443,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\inboxace.exe

Digital Signature
Signed by:
Mindspark Interactive Network

Authority:
VeriSign, Inc.

Valid from:
4/9/2012 5:00:00 PM

Valid to:
5/6/2015 4:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
11/19/2013 12:58:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:aPlCsEH4gIVXBbois9lVOmO092zKXX7aHH7POJaWiLtGVgAxxj45aAqH:at/SxIdBbfRrz4yh/LtGV3Ecx

Entry address:
0x280C

Entry point:
E8, DE, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 40, FB, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 51, 15, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A3, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, 9C, 00, 00, 00, 8B...
 
[+]

Entropy:
6.6636

Code size:
25.5 KB (26,112 bytes)

The file inboxace.exe has been seen being distributed by the following URL.

http://ak.imgfarm.com/images/nocache/vicinio/installers/100000448.LAENUK.2/.../InboxAce.exe

Remove inboxace.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.