home

askpartnercobrandingtool.exe

Partner Cobranding

Dictionary.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application askpartnercobrandingtool.exe, “Ask Toolbar Partner Cobranding” by Dictionary.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ask  (signed by Dictionary.com)

Product:
Partner Cobranding

Description:
Ask Toolbar Partner Cobranding

Version:
5.9.1.0

MD5:
1ad6aeda7fcdb34b72cfeb7b81b84735

SHA-1:
0835b037c9f9e933e37e17f7f8d4d9ac82b807e9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 11:16:45 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.8.17.0

File size:
246 KB (251,856 bytes)

Product version:
5.9.1.0

Copyright:
(c) Ask 2009. All rights reserved.

Original file name:
AskPartnerCobrandingTool

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\askpartnercobrandingtool.exe

Digital Signature
Signed by:
Dictionary.com

Authority:
VeriSign, Inc.

Valid from:
12/15/2009 6:00:00 PM

Valid to:
12/16/2011 5:59:59 PM

Subject:
CN=Dictionary.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dictionary.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
345BD4AD5F18CB3CF53744DDDB3E0903

File PE Metadata
Compilation timestamp:
10/5/2010 3:03:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:30hBo4+g5AMh1BqdU1LUXUR0+0uxZztVQW:+QgeMN86UUR0IbWW

Entry address:
0xEB05

Entry point:
E8, 79, 87, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, B8, D7, 42, 00, E8, 10, 42, 00, 00, FF, 35, B4, D7, 42, 00, 8B, F8, 89, 7D, FC, E8, 00, 42, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, C8, 87, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, 24, 2D, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 47, 10, 3B, C7, 72, 40, 50, FF, 75...
 
[+]

Entropy:
6.7677

Code size:
137.5 KB (140,800 bytes)

Remove askpartnercobrandingtool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.