» CrExtP89.exe
Overview
Analysis
File Details
Programs (10)
Network (9)

CrExtP89.exe

Mindspark Interactive Network

The application CrExtP89.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 7 anti-malware scanners. Additionally, the file is typically installed by a number of programs including MapsGalaxy Firefox Toolbar by Mindspark Interactive Network and RadioRage Firefox Toolbar by Mindspark Interactive Network, both potentially unwanted software. This version of the file will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. While running, it connects to the Internet address xx-fbcdn-shv-01-sin6.fbcdn.net on port 80 using the HTTP protocol.

File name:

CrExtP89.exe

Publisher:

Mindspark Interactive Network (signed and verified)

Version:

1.0.6.50

MD5:

a39fd864f89f77a3da2679f135ab7a67

SHA-1:

ff9f058b12b6c4d9b6256304fa9078e391c7f32c

SHA-256:

26d571099e86388d8ca1b102f7c97d989426aaf450641afed203b8c6153c8ba0

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 8:29:33 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Mindspark-A [PUP]

2014.9-131222

AVG

Zango

2014.0.3617

Bkav FE

W32.Clod314.Trojan

1.3.0.4923

Dr.Web

Adware.MyWebSearch.47

9.0.1.0356

nProtect

Adware/W32.Agent.1370184

14.01.20.01

Reason Heuristics

PUP.MindsparkInteractiveNetwork.I

14.8.8.1

VIPRE Antivirus

MyWebSearch.J

25606

File size:

1.3 MB (1,370,184 bytes)

Product version:

1.0.6.50

Original file name:

CrExtProc.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\safepcrepair_89\bar\1.bin\crextp89.exe

Digital Signature

Signed by:

Mindspark Interactive Network

Authority:

VeriSign, Inc.

Valid from:

4/10/2012 3:00:00 AM

Valid to:

5/7/2015 2:59:59 AM

Subject:

CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

098417F7EA6406EC7B320590E17A65B7

File PE Metadata

Compilation timestamp:

4/16/2013 3:44:26 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:erMfdkSrfXlJeSVgoWFMKVmIxnHofzqI8PBbH1/sjHBkJYOX9dosdzp+:eskMXlJeSVgrFTIcd10jHBkbX9ayzp+

Entry address:

0x95E1B

Entry point:

E8, 31, BD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 83, 65, E0, 00, 57, 6A, 07, 59, 33, C0, 8D, 7D, E4, F3, AB, 5F, 85, F6, 75, 15, E8, CC, 0B, 00, 00, C7, 00, 16, 00, 00, 00, E8, C8, 75, 00, 00, 83, C8, FF, C9, C3, 39, 45, 0C, 74, E6, 56, E8, 3F, 15, 00, 00, 59, B9, FF, FF, FF, 7F, C7, 45, EC, 49, 00, 00, 00, 89, 75, E8, 89, 75, E0, 89, 4D, E4, 3B, C1, 77, 03, 89, 45, E4, FF, 75, 14, 8D, 45, E0, FF, 75, 10, FF, 75, 0C, 50, FF, 55, 08, 83, C4, 10, C9, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75... 
[+]

Entropy:

6.5089

Code size:

770 KB (788,480 bytes)

The file CrExtP89.exe has been discovered within the following programs.

Allin1Convert Firefox Toolbar by Mindspark Interactive Network

Functionality of the toolbar includes: - Changing the web browser's default home page to MyWebSearch.com. - Changing the browser's search provider, built-in search box to MyWebSearch.com. - Ability to modify the 'new tab' functionality to launch the modified search portal page.

support.mindspark.com

68% remove it

Allin1Convert Internet Explorer Toolbar by Mindspark Interactive Network

Publisher's description - “By downloading a Toolbar provided by Mindspark, you will be installing a toolbar in your Internet browser (and any supported email functions and/or chat functions), with one or more of the following features (these features may vary for different versions of the Toolbar and/or if you utilize any customization tools offered by the version for the Toolbar you download) and may also include one or more additional software downloads or features provided by third party vendors (the "Mindspark Products"): SEARCH BOX: This is a search box located within the toolbar that will help you search the Internet with search results from our search results partner.”

64% remove it

CouponXplorer Internet Explorer Toolbar by Mindspark Interactive Network

Installs an Ask.com toolbar in Internet Explorer as a Browser Helper Object. According to the EULA (see below) as well as the behavior of the software, this toolbar will install search functionality in IE by modifying the default search, address bar and redirect queries.

www.couponxplorer.com

61% remove it

FilmFanatic Firefox Toolbar by Mindspark Interactive Network

FilmFanatic Firefox Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers.

eula.mindspark.com/ask

70% remove it

FromDocToPDF Firefox Toolbar by Mindspark Interactive Network

FromDocToPDF Firefox Toolbar is a web browser toolbar and extension that modifies the browsers search and home pages as well as delivers contextual based advertising.

61% remove it

FromDocToPDF Internet Explorer Toolbar by Mindspark Interactive Network

FromDocToPDF Internet Explorer Toolbar is a web browser extension that changes the browsers search and home pages as well as delivers.

62% remove it

MapsGalaxy Firefox Toolbar by Mindspark Interactive Network

MapsGalaxy Firefox Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.

74% remove it

MapsGalaxy Internet Explorer Toolbar by Mindspark Interactive Network

MapsGalaxy Internet Explorer Toolbar installs is a web browser extension and allows provides users the means to search the Internet with MyWebSearch, a potentially unwanted program that changes and redircts all of your search results as well as DNS errors, and modifies your home page to mywebsearch.

75% remove it

MyImageConverter Firefox Toolbar by Mindspark Interactive Network

This toolbar/web browser extension is ad/search-supported that is typically installed as an optional offer, users generally have this bundled with 3rd party software.

63% remove it

PopularScreensavers Internet Explorer Toolbar by Mindspark Interactive Network

66% remove it

Latest 20 of 20 programs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to xx-fbcdn-shv-01-ort2.fbcdn.net (157.240.2.25:80)

TCP (HTTP):

Connects to h216-165-156-98.mdsnwi.tisp.static.tds.net (216.165.156.98:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-ort2.facebook.com (157.240.2.35:443)

TCP (HTTP):

Connects to xx-fbcdn-shv-01-sin6.fbcdn.net (157.240.7.26:80)

TCP (HTTP):

Connects to mdsnwinas05-fa0-1.network.tds.net (216.165.156.88:80)

TCP (HTTP):

Connects to a23-219-88-166.deploy.static.akamaitechnologies.com (23.219.88.166:80)

TCP (HTTP):

Connects to a104-103-70-50.deploy.static.akamaitechnologies.com (104.103.70.50:80)

TCP (HTTP):

Connects to 74.113.237.189.lv.iaccap.com (74.113.237.189:80)

TCP (HTTP):

Connects to a184-51-42-31.deploy.static.akamaitechnologies.com (184.51.42.31:80)

Remove CrExtP89.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.