retrogamer installer(0fcf61c1).exe

Mindspark Interactive Network

This is the installer stub for the Mindspark (Retrogamer/Ask) browser toolbar. It offers the end user the option to install the toolbar and to set the browser's search provider, home page and new tab page to an Ask.com search destination. The application retrogamer installer(0fcf61c1).exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 27 anti-malware scanners. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. While running, it connects to the Internet address anx.mindspark.com on port 80 using the HTTP protocol.
Publisher:
Retrogamer (signed by Mindspark Interactive Network)

Product:
Retrogamer

Version:
2, 0, 0, 12

MD5:
38a84b6436938450b85a8dcf2384ce24

SHA-1:
788388b2087e2419728b01f1c535ebe11b803d8a

SHA-256:
09f425462af3f27600f177b8b38210502c8d9a520e9199d5f4fbef6b8a3876bb

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Analysis date:
4/26/2024 8:16:49 AM UTC

Scan engine             Detection                                     Engine version
Lavasoft Ad-Aware       Dropped:Adware.MyWebSearch.ED                 826
Agnitum Outpost         PUA.Toolbar.MyWebSearch                       7.1.1
avast!                  Win32:PUP-gen [PUP]                           2014.9-141031
AVG                     AdInstaller.FunWeb                            2015.0.3304
Baidu Antivirus         Adware.Win32.AdInstaller                      4.0.3.14112
Bitdefender             Adware.Generic.244352                         1.0.20.1530
Clam AntiVirus                                                        0.98/213
Comodo Security         Heur.Suspicious                               18423
Dr.Web                  Tool.InstallToolbar.5                         9.0.1.0304
Emsisoft Anti-Malware   Adware.Generic.244352                         8.14.11.02.11
ESET NOD32              Win32/Toolbar.MyWebSearch (variant)           8.9887
Fortinet FortiGate      Riskware/MyWebSearch                          10/31/2014
F-Secure                Dropped:Adware.MyWebSearch.ED                 11.2014-31-10_6
G Data                  Adware.Generic.244352                         14.11.24
IKARUS anti.virus                                                     t3scan.1.6.1.0
Kaspersky               not-a-virus:WebToolbar.Win32.MyWebSearch      14.0.0.3015
MicroWorld eScan        Dropped:Adware.MyWebSearch.ED                 15.0.0.912
NANO AntiVirus          Riskware.Win32.AdInstaller.tcxcf              0.28.0.60100
Norman                  Suspicious_Gen2.MMOLW                         11.20141031
Panda Antivirus         Adware/WebSearch                              14.10.31.09
Qihoo 360 Security      Win32/Virus.WebToolbar.9ba                    1.0.0.1015
Reason Heuristics       PUP.Installer.MindsparkInteractiveNetwork.EE  14.10.31.21
Rising Antivirus        PE:Trojan.Win32.Generic.152910C6!355012806    23.00.65.141031
Trend Micro House Call  TROJ_SPNR.11BP13                              7.2.306
Trend Micro             TROJ_SPNR.11BP13                              10.465.02
Vba32 AntiVirus         AdWare.FunWeb                                 3.12.26.0
VIPRE Antivirus                                                       29898

File size:
938 KB (960,560 bytes)

Product version:
2, 0, 0, 12

Copyright:
Copyright © 2009, 2010

Original file name:
2zSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\retrogamer installer(0fcf61c1).exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/30/2010 8:00:00 PM

Valid to:
5/6/2012 7:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
41730EB0E6D92A476E16628A0DBEFB36

File PE Metadata
Compilation timestamp:
3/18/2011 9:04:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ChzJDyHiKzEj7hN72CJ0C6misukER50RND2r983Duemg9TExEBREE:ORgQ7hN72C3isukER50RNDw9M6Ng9TDz

Entry address:
0x3BCF

Entry point:
55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, 20, 71, 40, 00, A3, D4, 9D, 40, 00, FF, 15, A8, 70, 40, 00, 8B, 1D, A4, 70, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, 9C, 71, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, A0, 70, 40, 00, E8, 2D, 00, 00, 00, F6, 45...

Entropy:
7.9522

Developed / compiled with:
Microsoft Visual C++

Code size:
24 KB (24,576 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com (74.113.233.187:80)
