puredefmusictoolbarsetup.exe

PureDef Music Toolbar

Mindspark Interactive Network

This is the installer stub for the Mindspark (PureDef Music/Ask) browser toolbar, which offers the end user the option to install the toolbar and set the browser's search, home page and new tab to an Ask.com search destination. The application puredefmusictoolbarsetup.exe by Mindspark Interactive Network has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the Mindspark Custom Setup installer. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
PureDef Music  (signed by Mindspark Interactive Network)

Product:
PureDef Music Toolbar

Version:
2, 0, 0, 9

MD5:
a36b6f38586775565bac0fbc1cc61be5

SHA-1:
2b5e2f2aa29ef3ff9603d2908dc1577edfdd2df5

SHA-256:
d08125f646dbd97605b2f36faeb2e042264ca164ab697910c623e919e64523f6

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
1/13/2025 8:30:37 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Trojan.AdInstaller | 7.1.1 |
| Avira AntiVirus | Adware/Adware.943480 | 7.11.144.200 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140704 |
| Clam AntiVirus | Win.Adware.Myway-18 | 0.98/18355 |
| Comodo Security | UnclassifiedMalware | 18151 |
| Dr.Web | Adware.MyWay.59 | 9.0.1.0185 |
| ESET NOD32 | Win32/Toolbar.MyWebSearch (variant) | 8.9709 |
| Malwarebytes | Adware.MyWay | v2014.07.04.11 |
| NANO AntiVirus | Trojan.Win32.AdInstaller.bdemhe | 0.28.0.59492 |
| Norman | Suspicious_Gen4.OQKT | 11.20140704 |
| Qihoo 360 Security | Win32/Virus.Adware.f29 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.MindsparkInteractiveNetwork.Y | 14.8.8.2 |
| Rising Antivirus | PE:Trojan.Win32.Generic.12A811B7!313004471 | 23.00.65.14702 |
| Vba32 AntiVirus | Adware.MyWay | 3.12.26.0 |
| VIPRE Antivirus | | 28516 |

File size:
921.4 KB (943,480 bytes)

Product version:
2, 0, 0, 9

Copyright:
Copyright © 2009

Original file name:
p3Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Mindspark Custom Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\puredefmusictoolbarsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/6/2009 7:00:00 PM

Valid to:
5/7/2010 6:59:59 PM

Subject:
CN=Mindspark Interactive Network, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mindspark Interactive Network, L=White Plains, S=NewYork, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CB2B2261097404983B5ED92F342DE82

File PE Metadata
Compilation timestamp:
11/23/2009 9:53:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:DXVbvJBhpzoI/afT+ENPuPTKRtxMOojybG/7nkgPcN:DXVbxBrzo1fT5uPcli/7nkgPcN

Entry address:
0x301B

Entry point:
55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, F4, 40, 40, 00, A3, EC, 58, 40, 00, FF, 15, 84, 40, 40, 00, 8B, 1D, 80, 40, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, 5C, 41, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 7C, 40, 40, 00, E8, 2D, 00, 00, 00, F6, 45...

Entropy:
5.9260

Developed / compiled with:
Microsoft Visual C++

Code size:
12 KB (12,288 bytes)

The file puredefmusictoolbarsetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www187.mindspark.com  (74.113.233.187:80)

TCP (HTTP):
Connects to anx.mindspark.com  (74.113.233.187:80)
