home

inboxace.exe

Mindspark Interactive Network

The application inboxace.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 13 anti-malware scanners. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from ak.imgfarm.com.
Publisher:
Mindspark Interactive Network  (signed and verified)

MD5:
541d436392165e9244efcd2bf6d9b911

SHA-1:
ceef98bcf483666b9c49d12291b57818deee3ab8

SHA-256:
29c90ef146a664d879faab8c59e4a11eda62dd8f06928b08439aece5cffc3265

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 7:49:33 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.FunWeb
2014.07.15

avast!
Win32:Mindspark-A [PUP]
2014.9-140725

AVG
Zango
2015.0.3403

Baidu Antivirus
Adware.Win32.AdInstaller
4.0.3.14725

Dr.Web
Adware.MyWebSearch.50
9.0.1.0206

ESET NOD32
Win32/AdInstaller (variant)
8.10094

Fortinet FortiGate
Riskware/AdInstaller
7/25/2014

Malwarebytes
PUP.Optional.MindSpark.A
v2014.07.25.08

NANO AntiVirus
Trojan.Win32.MyWebSearch.crfjnq
0.28.0.60698

Panda Antivirus
Application/FunWeb
14.07.25.08

Reason Heuristics
PUP.MindsparkInteractiveNetwork.I
14.8.8.2

Trend Micro House Call
Suspicious_GEN.F47V0711
7.2.206

VIPRE Antivirus
MyWebSearch.J
31272

File size:
432.9 KB (443,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\inboxace.exe

Digital Signature
Signed by:
Mindspark Interactive Network

Authority:
VeriSign, Inc.

Valid from:
4/10/2012 8:00:00 AM

Valid to:
5/7/2015 7:59:59 AM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
11/20/2013 4:58:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:XPlCsEfGTXBbois9lVOUOGZehqn+a5MvEdka2cRU1UmGEj4nGA/DG:Xt/8wBbfVGZeE+aKvEdzrR+TGrG2G

Entry address:
0x280C

Entry point:
E8, DE, 25, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 56, FF, 75, 0C, 8D, 4D, E8, E8, 40, FB, FF, FF, 8B, 5D, 08, BE, 00, 01, 00, 00, 3B, DE, 73, 54, 8B, 4D, E8, 83, B9, AC, 00, 00, 00, 01, 7E, 14, 8D, 45, E8, 50, 6A, 01, 53, E8, 51, 15, 00, 00, 8B, 4D, E8, 83, C4, 0C, EB, 0D, 8B, 81, C8, 00, 00, 00, 0F, B7, 04, 58, 83, E0, 01, 85, C0, 74, 0F, 8B, 81, CC, 00, 00, 00, 0F, B6, 04, 18, E9, A3, 00, 00, 00, 80, 7D, F4, 00, 74, 07, 8B, 45, F0, 83, 60, 70, FD, 8B, C3, E9, 9C, 00, 00, 00, 8B...
 
[+]

Entropy:
6.6446

Code size:
25.5 KB (26,112 bytes)

The file inboxace.exe has been seen being distributed by the following URL.

http://ak.imgfarm.com/images/nocache/vicinio/installers/100000448.YYA.3/.../InboxAce.exe

Remove inboxace.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.