home

askpartnercobrandingtool.exe

Partner Cobranding

Dictionary.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application askpartnercobrandingtool.exe, “Ask Toolbar Partner Cobranding” by Dictionary.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
Ask  (signed by Dictionary.com)

Product:
Partner Cobranding

Description:
Ask Toolbar Partner Cobranding

Version:
5.12.2.16752

MD5:
90b7a853e286915fae384c8dfad6e49d

SHA-1:
0bfa43825dc22d0443c2d2186d9617634a6d3a82

SHA-256:
81159c33432765a6395245ba9dcd4ac3ee9f66eb9b3161996cf4c9568e7a27bc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 11:12:52 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.1.27.19

File size:
238.5 KB (244,176 bytes)

Product version:
5.12.2.16752

Copyright:
(c) Ask 2009. All rights reserved.

Original file name:
AskPartnerCobrandingTool

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\askpartnercobrandingtool.exe

Digital Signature
Signed by:
Dictionary.com

Authority:
VeriSign, Inc.

Valid from:
12/15/2009 4:00:00 PM

Valid to:
12/16/2011 3:59:59 PM

Subject:
CN=Dictionary.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dictionary.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
345BD4AD5F18CB3CF53744DDDB3E0903

File PE Metadata
Compilation timestamp:
5/17/2011 5:03:14 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QqqK3mjlGcup03autULgqHrRE60qqqqqqqqqqqqHaw:bOGcui3auyTHr30qqqqqqqqqqqqHaw

Entry address:
0xEB5B

Entry point:
E8, 3C, 88, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, BC, D7, 42, 00, E8, CC, 61, 00, 00, FF, 35, B8, D7, 42, 00, 8B, F8, 89, 7D, FC, E8, BC, 61, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, 8B, 88, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, EB, 33, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 47, 10, 3B, C7, 72, 40, 50, FF, 75...
 
[+]

Entropy:
6.8204

Code size:
138 KB (141,312 bytes)

Remove askpartnercobrandingtool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.