crextp5z.exe

Mindspark Toolbar Platform for Internet Explorer

Mindspark Interactive Network

The application crextp5z.exe, “Mindspark Toolbar Platform” by Mindspark Interactive Network, has been detected as a potentially unwanted program by 11 anti-malware scanners. Additionally, the file is typically installed by a number of programs, including YourLocalLotto Toolbar Internet Explorer Toolbar by Mindspark Interactive Network and YourTemplateFinder Internet Explorer Toolbar by Mindspark Interactive Network, both potentially unwanted software. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
Mindspark  (signed by Mindspark Interactive Network)

Product:
Mindspark Toolbar Platform for Internet Explorer

Description:
Mindspark Toolbar Platform

Version:
1.0.7.235

MD5:
1983adbec36385d0cedbb89881098684

SHA-1:
df8a6bba205666a6f7c0acbdf09bf6e8eb136ea0

SHA-256:
21bce8b24a27993a4a121b91b44c176b122a0f37cf6387c6a8c6775aa21e7f70

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:24:44 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.MyWebSearch
2014.10.25

avast!
Win32:Mindspark-A [PUP]
2014.9-141024

AVG
MyWebSearch
2015.0.3311

Baidu Antivirus
Adware.Win32.MyWebSearch
4.0.3.141024

G Data
Win32.Adware.Mindspark
14.10.24

Kaspersky
not-a-virus:WebToolbar.Win32.MyWebSearch
14.0.0.3051

Malwarebytes
PUP.Optional.MindSpark
v2014.10.24.06

McAfee
Artemis!1983ADBEC363
5600.6967

Qihoo 360 Security
Win32/Virus.WebToolbar.30b
1.0.0.1015

Reason Heuristics
PUP.Toolbar.MindsparkInteractiveNetwork.I
14.10.24.18

VIPRE Antivirus
34218

File size:
1 MB (1,099,336 bytes)

Product version:
2.5.15.7

Copyright:
Copyright © 2009-2014 Mindspark Interactive Network, Inc.

Original file name:
CrExtProc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\couponxplorer_5z\bar\1.bin\crextp5z.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/9/2012 7:00:00 PM

Valid to:
5/6/2015 6:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
098417F7EA6406EC7B320590E17A65B7

File PE Metadata
Compilation timestamp:
10/21/2014 5:34:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:dMiEWjWGlMiCrzLDfk0C/+2WuJJijTeAQzBlDICQAUIg8u+n:dMYjWGlMiCrzXhC/+juJJqeLMCQfIg8v

Entry address:
0x5CB2F

Entry point:
E8, 8D, B1, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, D4, B2, 00, 00, 83, C4, 14, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 83, C9, FF, 8D, 49, 00, 83, C1, 01, 8A, 06, 0A, C0, 74, 09, 83, C6, 01, 0F, A3, 04, 24, 73, EE, 8B, C1, 83, C4, 20, 5E, C9, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 53...
 

Entropy:
6.4940

Code size:
526.5 KB (539,136 bytes)

The file crextp5z.exe has been discovered within the following programs.

APlusGamer Internet Explorer Toolbar  by Mindspark Interactive Network
This ad-supported toolbar installs a Mindspark branded Ask.com Toolbar in the user's Internet browsers. The software will modify the browser by changing the homepage and search provider to an Ask.com partner landing page. With this, it will display Ask.
support.mindspark.com
70% remove it
AudioToAudio Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product.”
68% remove it
Citysearch Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “Please note that once you have removed the toolbar, you will only be able to unlock the games at your current player level. If you are at the Platinum Level, you will still be able to play all the games on IWON.”
69% remove it
ConservativeTalkNow Internet Explorer Toolbar  by Mindspark Interactive Network
Installs a potentially unwanted Ask.com powered toolbar - "As part of the download process for the Toolbar, you may be given the option to reset your homepage and/or reset your new tab page to an Ask® home page and new tab product."
63% remove it
DailyBibleGuide Internet Explorer Toolbar  by Mindspark Interactive Network
DailyBibleGuide is a Mindspark web browser toolbar that is designed to modify the user's search and home pages to Ask.com (or MyWebSearch).
68% remove it
DailyLocalGuide Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The Software and Services are sponsored by third party advertisements and commercial offers and may also contain links to third parties websites, advertisements, products, offers, applications and more.”
63% remove it
DictionaryBoss Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The My Web Search Toolbar sends a configuration request when you start your browser.”
71% remove it
FileShareFanatic Internet Explorer Toolbar  by Mindspark Interactive Network
From the Terms of Service: "As part of the download process for the Toolbar, you may be given the option to reset your Internet browser's homepage to an Ask homepage product and/or reset your new tab page to an Ask new tab product."
eula.mindspark.com/ask
68% remove it
FilmFanatic Internet Explorer Toolbar  by Mindspark Interactive Network
73% remove it
GasGlance Internet Explorer Toolbar  by Mindspark Interactive Network
Publisher's description - “The My Web Search Toolbar, in the course of processing a given search query, sends a request to our servers.”
67% remove it
 

The executing file has been seen to make the following network communications in live environments.
