radioragesetup.exe

Mindspark Interactive Network

This is the installer stub for the Mindspark (RadioRage/Ask) browser toolbar. It presents the end user with an offer to install the toolbar and to set the browser's search, home page and new tab to an Ask.com search destination. The application radioragesetup.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the Mindspark Custom Setup installer. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
RadioRage  (signed by Mindspark Interactive Network)

Product:
RadioRage

Version:
2, 0, 5, 6

MD5:
eda6cab30ea21c1aa534f8f4172ce2c4

SHA-1:
026edfad73a3e6a82ab25365e6f71eeb80fc1d18

SHA-256:
1302551d34fa84ccac9b7d28f5cab0f67cf6645a1d74d0eec54c4955e59ecbb9

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 12:42:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.MyWebSearch | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.Toolbar | 2013.11.09 |
| avast! | Win32:Mindspark-A [PUP] | 150101-1 |
| AVG | Potentially harmful program MyWebSearch | 2014.0.4257 |
| Baidu Antivirus | Adware.Win32.MyWebSearch | 4.0.3.1532 |
| Bkav FE | W32.Clodad9.Trojan | 1.3.0.4415 |
| Clam AntiVirus | | 0.98/20133 |
| Dr.Web | Trojan.MulDrop5.44380 | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch.O potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/FunWeb | 3/2/2015 |
| F-Prot | W32/Mywebsearch.H2.gen | v6.4.7.1.166 |
| G Data | Win32.Adware.Mindspark | 15.3.24 |
| Kaspersky | not-a-virus:WebToolbar.Win32.MyWebSearch | 15.0.0.543 |
| McAfee | Artemis!587B0ECA0912 | 5600.6839 |
| NANO AntiVirus | Riskware.Win32.WebSearch.dedrnq | 0.28.6.64267 |
| Panda Antivirus | Adware/WebSearch | 15.03.02.12 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.46c | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Mindspark | 15.3.2.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14BC5C6C!347888748 | 23.00.65.15228 |
| Trend Micro House Call | TROJ_GEN.F47V1107 | 7.2.61 |
| VIPRE Antivirus | | 35916 |

File size:
5.6 MB (5,822,848 bytes)

Product version:
2, 0, 5, 6

Copyright:
Copyright © 2009 - 2014

Original file name:
4jSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Mindspark Custom Setup

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\3dt86cq4\radioragesetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/10/2012 1:00:00 AM

Valid to:
5/7/2015 12:59:59 AM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
10/31/2014 6:00:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:8oJGtfHwxxiObinqFQppdTBsW7wkIzqHS2y0o0Gtb1rgM8wKxi3Un:PEtofiOunqo0Ewr6Sz0o9bCM8wer

Entry address:
0x22B6

Entry point:
55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, B8, 30, 40, 00, A3, A4, 67, 40, 00, FF, 15, 4C, 30, 40, 00, 8B, 1D, 48, 30, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, FC, 30, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 44, 30, 40, 00, E8, 2D, 00, 00, 00, F6, 45...
 

Entropy:
7.7143

Developed / compiled with:
Microsoft Visual C++

Code size:
8 KB (8,192 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com  (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com  (74.113.233.187:80)
