inboxacecrx.0cd41439-3da7-4837-9dd5-3b999ed9dfb3.exe

Mindspark Interactive Network

The application inboxacecrx.0cd41439-3da7-4837-9dd5-3b999ed9dfb3.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 15 anti-malware scanners. This version of the file bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. The file has been observed being downloaded from ak.imgfarm.com and multiple other hosts. While running, it connects to the Internet address anx.mindspark.com on port 80 using the HTTP protocol.
Publisher:
InboxAce  (signed by Mindspark Interactive Network)

Product:
InboxAce

Version:
2.5.0.2

MD5:
babc336eb23a89b537f1432fe76e50bf

SHA-1:
31a6382f55488834a71ea3b449395f1d7983728d

SHA-256:
ecc169308118a43a6c47a026fe74c91b324e2a4c369479dacca09fe08a983a34

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 2:47:03 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.MyWebSearch
7.1.1

avast!
Win32:Mindspark-A [PUP]
2014.9-141209

AVG
Zango
2015.0.3266

Baidu Antivirus
Adware.Win32.MyWebSearch
4.0.3.14129

Dr.Web
DLOADER.Trojan
9.0.1.0343

ESET NOD32
Win32/Toolbar.MyWebSearch.AA (variant)
8.10178

Fortinet FortiGate
Adware/FunWeb
12/9/2014

Kaspersky
not-a-virus:AdWare.Win32.WebSearch
14.0.0.2823

NANO AntiVirus
Trojan.Win32.Generic.dbxkrh
0.28.2.61148

Panda Antivirus
Adware/WebSearch
14.12.09.11

Qihoo 360 Security
Win32/Virus.WebToolbar.30b
1.0.0.1015

Reason Heuristics
PUP.Installer.MindsparkInteractiveNetwork.p
14.12.9.11

Rising Antivirus
PE:Trojan.Win32.Generic.16EC81BD!384598461
23.00.65.141207

Trend Micro House Call
Suspicious_GEN.F47V0613
7.2.343

VIPRE Antivirus
31762

File size:
646.4 KB (661,880 bytes)

Product version:
2.5.0.2

Copyright:
Copyright © 2012 - 2014

Original file name:
1gSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\inboxacecrx.0cd41439-3da7-4837-9dd5-3b999ed9dfb3.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 7:00:00 PM

Valid to:
5/6/2015 6:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
6/3/2014 12:11:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:slxJ1fF8xkpObp+AESNw0x/ihbrBUielbmH/i5pRQhCYN:WN8Sp/AESlx6hnuliH/i53mCe

Entry address:
0x1357E

Entry point:
E8, 41, 67, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 08, 40, 42, 00, E8, 4C, 05, 00, 00, 6A, 0E, E8, 3E, 69, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 1C, 1E, 43, 00, BA, 18, 1E, 43, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, C6, D8, FF, FF, 59, FF, 76, 04, E8, BD, D8, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 3B, 05, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 0A, 68, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...
 
Entropy:
4.8130

Code size:
118 KB (120,832 bytes)

The file inboxacecrx.0cd41439-3da7-4837-9dd5-3b999ed9dfb3.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com  (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com  (74.113.233.187:80)