Spark.exe

spark

Baidu Online Network Technology (Beijing) Co.,Ltd.

Spark.exe is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘Spark’. It is installed with Baidu Browser. The file has been seen being downloaded from pharmacy.scuegypt.edu.eg.

Publisher:

Product:
spark

Version:
43.23.1000.467

MD5:
c66a9e8da5d457c616588afa7f51fe34

SHA-1:
d80a3b2a073425bae3fcd3f97e47c199ed693974

SHA-256:
436e3b7fd89b1eb509d58660b90c3d29f15f52947b488bc6dfcf9bebd09245c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/15/2024 1:29:59 PM UTC

File size:
960.3 KB (983,352 bytes)

Product version:
43.23.1000.467

Copyright:
Copyright (C) 2011

Original file name:
Spark.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\baidu\spark\spark.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/25/2015 7:00:00 AM

Valid to:
3/26/2016 6:59:59 AM

Subject:
CN="Baidu Online Network Technology (Beijing) Co.,Ltd.", OU=Baidu security, O="Baidu Online Network Technology (Beijing) Co.,Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5FAEE9E83F32948F3B2040AC6DF0145C

File PE Metadata
Compilation timestamp:
1/15/2016 10:43:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:fku6SUiYNMPP8q6LAGt8dToKvgrN4+9xXeaArhb:R9RGq+9xZAhb

Entry address:
0x73B3E

Entry point:
E8, A7, 9A, 00, 00, E9, 89, FE, FF, FF, 6A, 08, B8, CC, CE, 48, 00, E8, 16, 42, 00, 00, FF, 75, 08, 83, 65, FC, 00, E8, BA, EB, FF, FF, 59, 89, 45, EC, 8B, 45, EC, E8, 6A, 42, 00, 00, C3, 83, 65, EC, 00, B8, 64, 3B, 47, 00, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 57, 85, F6, 74, 07, 8B, 7D, 0C, 85, FF, 75, 15, E8, 5D, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 37, 64, 00, 00, 8B, C6, 5F, 5E, 5D, C3, 8B, 45, 10, 85, C0, 75, 05, 66, 89, 06, EB, DF, 8B, D6, 2B, D0, 0F, B7, 08, 66, 89, 0C, 02, 83, C0, 02, 66, 85, C9...
 

Entropy:
6.5326

Code size:
567.5 KB (581,120 bytes)

2 Scheduled Tasks
Task name:
{4A6526A2-5D93-406F-A9E3-58DB8D87BDD7}

Trigger:
Registration (Runs on registration)

Task name:
Open Browser

Path:
\cFos\Registration Tasks\Open Browser

Trigger:
Registration (Runs on registration)

Description:
Opens a browser window when the task is registered.


3 Shell Open Commands
Open type:
ftp

Command:
"C:\Program Files\baidu\spark\spark.exe" -- "%1"

Open type:
http

Command:
"C:\Program Files\baidu\baidu browser43.22.1000.452.1\spark.exe" -- "%1"

Open type:
https

Command:
"C:\Program Files\baidu\baidu browser43.22.1000.452.1\spark.exe" -- "%1"


Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Spark

Command:
C:\Program Files\baidu\spark\spark.exe --autostartnoui=yes


29 Windows Firewall Allowed Programs
Name:
spark

Name:
D:\Program Files\baidu\Spark\Spark.exe

Name:
C:\Program Files\baidu\Baidu Browser\Spark.exe

Name:
C:\Program Files\baidu\Spark\Spark.exe

Name:
C:\Program Files\baidu\Baidu Browser40.17.1000.248.1\Spark.exe

Name:
C:\Arquivos de programas\baidu\Baidu Browser\Spark.exe


The file Spark.exe has been discovered within the following program.

Baidu Browser by Baidu, Inc.
25% remove it
 

The file Spark.exe has been seen being distributed by the following URL.
