mside8a.tmp

Adpeak, Inc.

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The file mside8a.tmp by Adpeak has been detected as adware by 17 anti-malware scanners. It runs as a Windows service named “Level Quality Watcher”, in the context of its own process.
Publisher:
Adpeak, Inc.  (signed and verified)

MD5:
6eb73011178830064ebedd1ee12027d0

SHA-1:
8f2300c7f61ea2fbdecf69a6e7adbc0b1793c63e

SHA-256:
e331f0ac51c284d7990c642cebaa95a164a8d071798471afd32b5ef83bffe43a

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/26/2024 7:18:14 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Adpeak.B | 1150 |
| AVG | MalSign.Adpeak | 2014.0.3628 |
| Bitdefender | Adware.Adpeak.B | 1.0.20.1620 |
| Bkav FE | W32.Clodf06.Trojan | 1.3.0.4613 |
| Boost by Reason | Trojan.Adw.Adpeak.K | 2013.11.20.5 |
| Emsisoft Anti-Malware | Adware.Adpeak | 8.13.12.29.08 |
| ESET NOD32 | Win64/Adware.Adpeak (variant) | 7.9190 |
| F-Secure | Adware.Adpeak.B | 11.2013-12-12_5 |
| G Data | Adware.Adpeak | 13.11.22 |
| IKARUS anti.virus | AdWare.Adpeak | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10656 |
| McAfee | Artemis!6EB730111788 | 5600.7284 |
| MicroWorld eScan | Adware.Adpeak.B | 14.0.0.1038 |
| Panda Antivirus | Suspicious file | 13.12.12.06 |
| Reason Heuristics | PUP.Service.Adpeak.K | 14.8.7.17 |
| Sophos | AdPeak | 4.96 |
| VIPRE Antivirus | Adware.Adpeak | 24870 |

File size:
496 KB (507,912 bytes)

Common path:
C:\windows\installer\mside8a.tmp

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
7/17/2013 5:00:00 PM

Valid to:
9/24/2014 5:00:00 AM

Subject:
CN="Adpeak, Inc.", O="Adpeak, Inc.", L=Sarasota, S=Florida, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E4C86026B3F1F3BDBEDF4DA58E8FF09

Service
Display name:
Level Quality Watcher

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.50.2:80)
