» bimedint.exe
Overview
Analysis
File Details
Behaviors (1)

bimedint.exe

Mindspark Toolbar Platform for Internet Explorer

Mindspark Interactive Network

The application bimedint.exe, “Mindspark Toolbar Platform” by Mindspark Interactive Network has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyImageBoard EPM Support’. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.

File name:

bimedint.exe

Publisher:

Mindspark (signed by Mindspark Interactive Network)

Product:

Mindspark Toolbar Platform for Internet Explorer

Description:

Mindspark Toolbar Platform

Version:

1.0.7.247

MD5:

1f7409f394bd5f39b55907d94dd0fdfd

SHA-1:

81c4a85fcb6a28555605f03ed7284c43256d2b2f

SHA-256:

128dc0ef7da6a177f22adb01fd8dc36f127be1256ef4350708322753ade2f1c2

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 4:31:28 PM UTC (today)

Scan engine

Detection

Engine version

herdProtect (fuzzy)

variant of aamedint.exe (Adware)

2015.11.18.14

Reason Heuristics

PUP.MyWebSearch.Mindspark.Toolbar (M)

15.9.16.12

File size:

11.3 KB (11,608 bytes)

Product version:

2.5.15.19

Original file name:

t8MedInt.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\dailyimageboard_bi\bar\1.bin\bimedint.exe

Digital Signature

Signed by:

Mindspark Interactive Network

Authority:

VeriSign, Inc.

Valid from:

4/20/2015 3:00:00 AM

Valid to:

6/19/2018 2:59:59 AM

Subject:

CN=Mindspark Interactive Network, O=Mindspark Interactive Network, L=Yonkers, S=New York, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

438D4291E43C2DFFEEAAAEE5B6C070B5

File PE Metadata

Compilation timestamp:

6/17/2015 5:47:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

192:dRpqlIg8GbRWeWaWUtnYe+PjPBkrO1tC7d/r9ZCspE+TM4rYWPC7z:fpfg8GbRWeWaWenYPLB11w6eMTd7z

Entry address:

0x103B

Entry point:

55, 8B, EC, B8, 50, 81, 00, 00, E8, 68, 02, 00, 00, 53, 56, 57, FF, 15, 0C, 20, 40, 00, 32, D2, 8A, 08, 80, F9, 20, 7F, 08, 84, C9, 74, 11, 84, D2, 74, 0D, 80, F9, 22, 75, 05, 84, D2, 0F, 94, C2, 40, EB, E4, 8A, 08, 84, C9, 74, 08, 80, F9, 20, 7F, 03, 40, EB, F2, 8D, 8D, B0, 7E, FF, FF, 8B, D0, 8B, C1, 33, FF, BE, 00, 80, 00, 00, 2B, D0, 8D, 86, FE, 7F, FF, 7F, 85, C0, 74, 0D, 8A, 04, 0A, 84, C0, 74, 06, 88, 01, 41, 4E, 75, E9, 85, F6, 75, 06, 49, BF, 7A, 00, 07, 80, C6, 01, 00, 89, 7D, FC, 85, FF, 0F, 88... 
[+]

Entropy:

6.2261

Developed / compiled with:

Microsoft Visual C++

Code size:

1024 Bytes (1,024 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DailyImageBoard EPM Support

Command:

"C:\Program Files1\dailyi~1\bar\1.bin\bimedint.exe" t8epmsup.dll,s

Remove bimedint.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.