» askbarsetup_uk.exe
Overview
Analysis
File Details

askbarsetup_uk.exe

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application askbarsetup_uk.exe, “Ask Toolbar (UK) Setup ” by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer.

File name:

askbarsetup_uk.exe

Publisher:

Ask.com (signed by Ask.com)

Description:

Ask Toolbar (UK) Setup

MD5:

8a4d9fb92dcc418e3077d6b312e81243

SHA-1:

f90fc732936fcf101e257f89d812c69bbda71bdb

SHA-256:

162fbce144a3745a5297f81ec61dde14f9c3353414ccbc8fe19cab07a8b42d1d

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/23/2024 7:58:12 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask.Installer (M)

16.2.3.21

File size:

476.3 KB (487,688 bytes)

File type:

Executable application (Win32 EXE)

Installer:

APN Stub

Language:

English (United States)

Common path:

C:\users\{user}\downloads\askbarsetup_uk.exe

Digital Signature

Signed by:

Ask.com

Authority:

GeoTrust Inc

Valid from:

7/13/2006 9:51:35 PM

Valid to:

7/13/2008 9:51:35 PM

Subject:

CN=Ask.com, OU=GeoTrust Code Signing, O=Ask.com, L=Oakland, S=CA, C=US

Issuer:

CN=GeoTrust TrustCenter CodeSigning CA I, O=GeoTrust Inc, OU=GeoTrust TrustCenter CodeSigning CA, C=US

Serial number:

00A14100010020D9D7891D7DD5115F

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:Qmz39dIqDboBML45sTyLhtD5MzxqrMnTu7UrMq0pq:QI39dJoBZ5UyDD+z0XUrEs

Entry address:

0x97F0

Entry point:

55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, D6, 98, FF, FF, E8, DD, AA, FF, FF, E8, 00, CD, FF, FF, E8, 47, CD, FF, FF, E8, 3E, F3, FF, FF, E8, A5, F4, FF, FF, 33, C0, 55, 68, 9A, 9E, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 50, 9E, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 5A, FA, FF, FF, 8D, 55, F0, 33, C0, E8, C0, D1, FF, FF, 8B, 55, F0, B8, D4, BD, 40, 00, E8, 87, 99, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D4, BD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.7861

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

36 KB (36,864 bytes)

Remove askbarsetup_uk.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.