home

askpip_ff_.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application askpip_ff_.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Offercast APN Install Manager installer.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
2.9.1.0

MD5:
d1f3bf8f7aedea018942307b6e8ad661

SHA-1:
6246c898ada1f5c9edc94d4f3440c955dd8f3280

SHA-256:
b08e5d7e32146bf1095cc24f0b7a1749de8082696a78814b1227d932322b77b1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
4/26/2024 11:55:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
16.11.15.23

File size:
5.3 MB (5,521,336 bytes)

Product version:
2.9.1.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Common path:
C:\Program Files\freetime\formatfactory\ffmodules\package\ask\askpip_ff_.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 3:00:00 AM

Valid to:
6/19/2014 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E92120309E5E292CD4FFE132C48D3D8

File PE Metadata
Compilation timestamp:
3/11/2014 3:25:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:UUclLovHbkRbSOVrUOlo/BtqS+exjBy3dpXGWlnAwLN+5o4ibMy:UcbCb4p/Bt7jBy3H2ynbLN+MbMy

Entry address:
0x79EB4

Entry point:
E8, 3D, EF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B4, F5, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E2, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 2C, 4C, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Entropy:
1.7852

Code size:
624.5 KB (639,488 bytes)

Remove askpip_ff_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.