» addb5ca70d098644b4a3fc9c550996964f2d5072
Overview
Analysis
File Details

addb5ca70d098644b4a3fc9c550996964f2d5072

Everest Installer

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The file addb5ca70d098644b4a3fc9c550996964f2d5072 by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer. It is installed within the Mozilla Firefox web browser as part of an addin/plugin.

File name:

Publisher:

APN LLC. (signed by Ask.com)

Product:

Everest Installer

Version:

2.3.0.66

MD5:

067a42e238788700aff073f5d45b1501

SHA-1:

383c936f2acac30ddc287df2940410bcf182b7ca

SHA-256:

c3f3476085ef338cba88f37935854af30926692d562a6c6a3326243ab23e08c1

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/7/2024 3:57:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask.APN.Installer (M)

16.2.10.17

File size:

622.4 KB (637,295 bytes)

Product version:

2.3.0.66

Original file name:

Everest.exe

Installer:

APN Stub

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\mozilla\firefox\profiles\{user}.default\cache2\entries\addb5ca70d098644b4a3fc9c550996964f2d5072

Digital Signature

Signed by:

Ask.com

Authority:

VeriSign, Inc.

Valid from:

6/19/2011 7:00:00 PM

Valid to:

6/18/2014 6:59:59 PM

Subject:

CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata

Compilation timestamp:

12/11/2013 8:08:58 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:5CEbgl9zk7KEpLMX/GiR5VQhYgvEfUDLPB2AA/AVzKcT:5CEbglaKMC/GiRlUDl2AA/AV2cT

Entry address:

0x83D5

Entry point:

E8, F3, 46, 00, 00, E9, 89, FE, FF, FF, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 48, E1, 41, 00, 00, 74, 05, E9, 5C, 47, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3... 
[+]

Code size:

82.5 KB (84,480 bytes)

Remove addb5ca70d098644b4a3fc9c550996964f2d5072 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.