televisionfanaticsetup2.5.15.0.pd^xp^xdm044^yya^us.coqgwoiev8acfzcufgodlycala.exe

Mindspark Interactive Network

This is the installer stub for the Mindspark (TelevisionFanatic/Ask) browser toolbar. It presents the end user with the offer to install the toolbar and to set the browser's search, home page and new tab to an Ask.com search destination. The application televisionfanaticsetup2.5.15.0.pd^xp^xdm044^yya^us.coqgwoiev8acfzcufgodlycala.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 14 anti-malware scanners. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
TelevisionFanatic  (signed by Mindspark Interactive Network)

Product:
TelevisionFanatic

Version:
2, 0, 5, 6

MD5:
d4b9f80d725fea302acccd323796385a

SHA-1:
3ea7cc7f1d85d300b1a1a8c72e37e431c581938f

SHA-256:
488f75a6b14a182914a38ab35201c436c6fcd0ad99332bc2e197bb6ce18fae08

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Analysis date:
4/19/2024 7:04:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.MyWebSearch | 7.1.1 |
| avast! | Win32:Mindspark-A [PUP] | 2014.9-150227 |
| AVG | Zango | 2016.0.3185 |
| Baidu Antivirus | Adware.Win32.MyWebSearch | 4.0.3.15227 |
| Dr.Web | STPAGE.Trojan | 9.0.1.058 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch (variant) | 9.10341 |
| Fortinet FortiGate | Adware/FunWeb | 2/27/2015 |
| Kaspersky | not-a-virus:WebToolbar.Win32.MyWebSearch | 14.0.0.2420 |
| McAfee | Artemis!0FB95E1D2149 | 5600.6841 |
| NANO AntiVirus | Riskware.Win32.WebSearch.dedrnq | 0.28.2.61861 |
| Panda Antivirus | Adware/WebSearch | 15.02.27.10 |
| Reason Heuristics | PUP.Installer.Mindspark | 15.2.27.22 |
| Rising Antivirus | PE:Trojan.Win32.Generic.14BC5C6C!347888748 | 23.00.65.15225 |
| VIPRE Antivirus | | 32698 |

File size:
5.7 MB (5,970,320 bytes)

Product version:
2, 0, 5, 6

Copyright:
Copyright © 2009 - 2014

Original file name:
64Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\pz5mu2st\televisionfanaticsetup2.5.15.0.pd^xp^xdm044^yya^us.coqgwoiev8acfzcufgodlycala.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 5:00:00 PM

Valid to:
5/6/2015 4:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
7/1/2014 10:38:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:XcAq56/LJpxkvEqQJPoR/J2EwRm41fRJBFAuXmzK1MVGMFkF+yDH6zN:XI5eLxfqQ+R/wEH4FRJBFfXcK1O4+yLW

Entry address:
0x3E96

Entry point:
55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, 04, 51, 40, 00, A3, 24, 8B, 40, 00, FF, 15, 8C, 50, 40, 00, 8B, 1D, 88, 50, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, 64, 51, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 84, 50, 40, 00, E8, 2D, 00, 00, 00, F6, 45...

Entropy:
7.7485

Developed / compiled with:
Microsoft Visual C++

Code size:
16 KB (16,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com  (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com  (74.113.233.187:80)