askinstallchecker-1.8.0.0.exe

Install Checker

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application askinstallchecker-1.8.0.0.exe by Ask.com has been detected as a potentially unwanted program by 2 anti-malware scanners. This version of the file will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from media.ask.com. While running, it connects to the Internet address 74.113.233.61.df.iaccap.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

Product:
Install Checker

Version:
1.8.0.0

MD5:
0cfe2496e19fc81f5572dc2945008120

SHA-1:
da2b88f255c5f320735b220a82b9dea33e3364b8

SHA-256:
90e752b131a8489757a6254a71fb2f108540603fff79b9788c396c487b18f206

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:51:47 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Bundled.Toolbar.Ask (variant) | 8.8587
Reason Heuristics | PUP.Ask.W | 14.8.8.2

File size:
294.3 KB (301,400 bytes)

Product version:
1.8.0.0

Copyright:
© 2008 Ask.com

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\askinstallchecker-1.8.0.0.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/17/2008 3:00:00 AM

Valid to:
6/18/2011 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
12/24/2010 4:06:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:IsGorSydoud7HdwPo5ToLPB0I4nyxZz8BOyx:I0S+1HdKo58zB0ItWwE

Entry address:
0x17454

Entropy:
6.7042

Code size:
174.5 KB (178,688 bytes)

The file askinstallchecker-1.8.0.0.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 74.113.233.61.df.iaccap.com  (74.113.233.61:80)

TCP (HTTP):
Connects to 199.36.102.106.df.iacapn.com  (199.36.102.106:80)

TCP (HTTP):
Connects to 199.36.100.106.df.iacapn.com  (199.36.100.106:80)
