home

askpip_ff_.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application askpip_ff_.exe by Ask.com has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Offercast APN Install Manager installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 199.36.100.103.df.iacapn.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
2.6.7.0

MD5:
b3a840e05f27dc6ae773a5d622bfa994

SHA-1:
304a3b9c9a3c02079f43ed1f65fdfd64a5f32802

SHA-256:
5fef00dda21fe6cb878868fccb5aec0cc3ea25a93b096b17d0cf9ffeb235e60c

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
4/19/2024 8:27:05 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Ask
7.1.1

Avira AntiVirus
TR/Trash.Gen
7.11.124.138

Baidu Antivirus
Trojan.Win32.Bundled
4.0.3.1514

Dr.Web
Adware.Downware.1417
9.0.1.0358

Emsisoft Anti-Malware
Trojan-Ransom.Win32.LockScreen
8.15.01.04.11

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
7.8809

Fortinet FortiGate
Adware/InstallQ
1/4/2015

herdProtect (fuzzy)
variant of askinstaller.exe (Adware)
2013.12.24.23

Malwarebytes
PUP.Optional.Spigot.A
v2013.12.24.02

NANO AntiVirus
Trojan.Win32.Downware.crduvi
0.28.0.57029

Reason Heuristics
PUP.Installer.Ask.K
14.8.8.2

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10135

File size:
765.2 KB (783,560 bytes)

Product version:
2.6.7.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Common path:
C:\users\{user}\appdata\local\temp\askpip_ff_.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 3:00:00 AM

Valid to:
6/19/2014 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
9/11/2012 12:00:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:A2uKx2KF6JauMvbCH0U++0DtsZSgRx/ko0xtM5b/NKv1XK5fkzwq6NPd9BMDHR2v:Aex2KMJauMvvJ+0D7o0TM5b/NKv1GsEH

Entry address:
0x683E4

Entry point:
E8, 1F, DE, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 18, 94, 48, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 44, 83, 48, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 6C, 4A, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Entropy:
6.4682

Code size:
537.5 KB (550,400 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 199.36.100.103.df.iacapn.com  (199.36.100.103:80)

TCP (HTTP):
Connects to a92-122-203-12.deploy.akamaitechnologies.com  (92.122.203.12:80)

TCP (HTTP):
Connects to a184-86-116-51.deploy.static.akamaitechnologies.com  (184.86.116.51:80)

TCP (HTTP):
Connects to a184-29-5-164.deploy.static.akamaitechnologies.com  (184.29.5.164:80)

TCP (HTTP):
Connects to a23-50-176-166.deploy.static.akamaitechnologies.com  (23.50.176.166:80)

TCP (HTTP):
Connects to a104-94-4-98.deploy.static.akamaitechnologies.com  (104.94.4.98:80)

TCP (HTTP):
Connects to a23-58-2-138.deploy.static.akamaitechnologies.com  (23.58.2.138:80)

TCP (HTTP):
Connects to a104-93-237-224.deploy.static.akamaitechnologies.com  (104.93.237.224:80)

TCP (HTTP):
Connects to a23-214-126-102.deploy.static.akamaitechnologies.com  (23.214.126.102:80)

TCP (HTTP):
Connects to a23-212-131-214.deploy.static.akamaitechnologies.com  (23.212.131.214:80)

TCP (HTTP):
Connects to a104-93-106-192.deploy.static.akamaitechnologies.com  (104.93.106.192:80)

TCP (HTTP):
Connects to a104-108-152-27.deploy.static.akamaitechnologies.com  (104.108.152.27:80)

TCP (HTTP):
Connects to a104-75-76-68.deploy.static.akamaitechnologies.com  (104.75.76.68:80)

TCP (HTTP):
Connects to a23-9-178-195.deploy.static.akamaitechnologies.com  (23.9.178.195:80)

TCP (HTTP):
Connects to a23-7-241-166.deploy.static.akamaitechnologies.com  (23.7.241.166:80)

TCP (HTTP):
Connects to a184-24-130-121.deploy.static.akamaitechnologies.com  (184.24.130.121:80)

TCP (HTTP):
Connects to a104-109-23-59.deploy.static.akamaitechnologies.com  (104.109.23.59:80)

TCP (HTTP):
Connects to a104-108-232-135.deploy.static.akamaitechnologies.com  (104.108.232.135:80)

TCP (HTTP):
Connects to a95-100-14-3.deploy.akamaitechnologies.com  (95.100.14.3:80)

TCP (HTTP):
Connects to a92-122-180-142.deploy.akamaitechnologies.com  (92.122.180.142:80)

Remove askpip_ff_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.