home

IACNativeMsgHost.exe

IAC Native Messaging Host

IAC Search and Media

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application IACNativeMsgHost.exe by IAC Search and Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
IAC Search and Media  (signed and verified)

Product:
IAC Native Messaging Host

Version:
1.2.0.73

MD5:
b3e601d0756000b123190aea9f657703

SHA-1:
17c9d62bdcf5ba4929d6311df15b89c14d44d16e

SHA-256:
4761121585443b1349d26ba09e84446e8a70e85ab8c5f1d522a71458013c5377

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 6:53:16 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.1.24.10

File size:
178.4 KB (182,688 bytes)

Product version:
1.2.0.73

Copyright:
(c) 2014 IAC Search and Media, Inc. All Rights Reserved.

Original file name:
IACNativeMsgHost.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\ilividmoviestoolbar280\gc\iacnativemsghost.exe

Digital Signature
Signed by:
IAC Search and Media

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 5:30:00 AM

Valid to:
10/21/2015 5:29:59 AM

Subject:
CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5367F5135FCC8B151C3E3EE4BEFD1DFB

File PE Metadata
Compilation timestamp:
4/10/2015 11:26:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

Entry address:
0xFEC3

Entry point:
E8, E0, 5B, 00, 00, E9, 7B, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 98, A7, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 90, 91, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 98, A7, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...
 
[+]

Entropy:
6.5041

Code size:
118 KB (120,832 bytes)

Remove IACNativeMsgHost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.