home

NP5zStub.DLL

MindSpark Toolbar Platform Plugin Stub

Mindspark Interactive Network

This library is part of the Mindspark toolbar which uses the Ask.com search property to install a web browser extension and modify the browser's search, home and new tab features in order to redirect web searches to the IAC property. The module NP5zStub.DLL, “MindSpark Toolbar Platform Plugin Stub for 32-bit Windows” by Mindspark Interactive Network has been detected as a potentially unwanted program by 29 anti-malware scanners. It is installed within the Mozilla Firefox web browser as an extension/plugin as ‘@CouponXplorer_5z.com/Plugin’. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modify the browser's search and home pages.
Publisher:
MindSpark  (signed by Mindspark Interactive Network)

Product:
MindSpark Toolbar Platform Plugin Stub

Description:
MindSpark Toolbar Platform Plugin Stub for 32-bit Windows

Version:
1, 0, 1, 1

MD5:
419bccc07e4afff00496c3e53499b45e

SHA-1:
f71072d0a5e24244531b967cb23e74164cc9c44c

SHA-256:
5d19d83b31573fae20ceeb8d5f35d687f721ee7455468b3917b2cc163c86e54e

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
Part of the MyWebSearch/Mindspark/Ask web browser extension and toolbar.

Analysis date:
4/25/2024 8:57:19 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.WebSearch
7.1.1

AhnLab V3 Security
PUP/Win32.MyWebSearch
2015.11.17

Avira AntiVirus
TR/Trash.Gen
8.3.1.6

avast!
Win32:Mindspark-A [PUP]
2014.9-160215

AVG
AdPlugin
2017.0.2832

Baidu Antivirus
Adware.Win32.MyWebSearch
4.0.3.16215

Bkav FE
W32.HfsAdware
1.3.0.7383

Clam AntiVirus
Win.Adware.Websearch-73
0.98/21511

Comodo Security
Application.Win32.MyWebSearch.R
23599

Dr.Web
Adware.MyWebSearch.85
9.0.1.046

ESET NOD32
Win32/Toolbar.MyWebSearch.AI potentially unwanted
10.12574

Fortinet FortiGate
Riskware/MyWebSearch
2/15/2016

F-Prot
W32/Mywebsearch.H.gen
v6.4.6.5.141

G Data
Win32.Adware.Mindspark
16.2.25

IKARUS anti.virus
PUA.SearchProtect
t3scan.1.9.5.0

Kaspersky
not-a-virus:WebToolbar.Win32.MyWebSearch
14.0.0.657

Malwarebytes
PUP.Optional.MindSpark
v2016.02.15.03

McAfee
Artemis!66433EEA0E48
5600.6488

NANO AntiVirus
Riskware.Win32.WebSearch.dedrom
0.30.0.64448

Panda Antivirus
Adware/WebSearch
16.02.15.03

Qihoo 360 Security
Win32/Virus.WebToolbar.498
1.0.0.1077

Quick Heal
PUA.Webwatcher.OD5
2.16.14.00

Reason Heuristics
PUP.MyWebSearch.Mindspark.Toolbar (M)
16.2.15.15

SUPERAntiSpyware
PUP.MindSpark/Variant
9322

Total Defense
Win32/Tnega.EOUDaL
37.1.62.1

Trend Micro House Call
Suspicious_GEN.F47V0827
7.2.46

Vba32 AntiVirus
AdWare.WebSearch
3.12.26.3

VIPRE Antivirus
MyWebSearch.J
45236

Zillya! Antivirus
Adware.MyWebSearch.Win32.772
2.0.0.2512

File size:
30.5 KB (31,256 bytes)

Product version:
2, 3, 0, 0

Copyright:
Copyright © 2005, 2006, 2007, 2008, 2009, 2010, 2011

Original file name:
NP5zStub.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\couponxplorer_5z\bar\1.bin\np5zstub.dll

Digital Signature
Signed by:
Mindspark Interactive Network

Authority:
VeriSign, Inc.

Valid from:
4/9/2012 7:00:00 PM

Valid to:
5/6/2015 6:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
5/13/2011 1:56:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:/N+ww1b4KcJ23WtV2EWhqYr9WIDe+Pv+rO4dj+vyge8r9ZCspE+TMIrwn7X1fCJ:Gb4XAWt4EW7xDPvHuVteMFcJ

Entry address:
0x10B3

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 56, 8B, 75, 08, 75, 0B, 89, 35, CC, 30, 00, 10, E8, 20, 00, 00, 00, FF, 75, 10, FF, 75, 0C, 56, E8, 47, 02, 00, 00, 83, 7D, 0C, 00, 8B, F0, 75, 05, E8, 3E, 00, 00, 00, 8B, C6, 5E, 5D, C2, 0C, 00, 68, A8, 30, 00, 10, FF, 15, 40, 20, 00, 10, 68, 14, 30, 00, 10, 68, 00, 30, 00, 10, E8, 03, 00, 00, 00, 59, 59, C3, 56, 8B, 74, 24, 08, 3B, 74, 24, 0C, 73, 0D, 8B, 06, 85, C0, 74, 02, FF, D0, 83, C6, 04, EB, ED, 5E, C3, A1, C8, 30, 00, 10, 85, C0, 74, 2F, 8B, 0D, C4, 30, 00, 10, 56, 8D...
 
[+]

Entropy:
3.0676

Developed / compiled with:
Microsoft Visual C++

Code size:
4 KB (4,096 bytes)

Mozilla Plugin
Name:
@CouponXplorer_5z.com/Plugin


Remove NP5zStub.DLL - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.