home

nsDialogs.dll

APN, LLC Installer Plugin

IAC Search and Media

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The module nsDialogs.dll by IAC Search and Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer. It is also typically executed from the user's temporary directory.
Publisher:
APN, LLC  (signed by IAC Search and Media)

Product:
APN, LLC Installer Plugin

Version:
2.1.2.16228

MD5:
0a9f55218b1142fc659f0589f7d34ef0

SHA-1:
e4c50cecc341684b151da5681632145eda81aa34

SHA-256:
805782c55a25974a36b0b17dc9eead0453761fd4d6163bb527a8194d7ed0f393

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/29/2024 12:15:43 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
16.9.19.6

File size:
186.8 KB (191,304 bytes)

Product version:
2.1.0.16228

Copyright:
© 2016 APN, LLC. An IAC Company. All rights reserved.

Trademarks:
© & ™ 2016 APN, LLC. An IAC Company. All rights reserved.

Original file name:
nsDialogs.dll

File type:
Dynamic link library (Win32 DLL)

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nsdialogs.dll

Digital Signature
Signed by:
IAC Search and Media

Authority:
Symantec Corporation

Valid from:
9/21/2015 8:00:00 PM

Valid to:
11/16/2018 6:59:59 PM

Subject:
CN=IAC Search and Media, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
555361B990788EAF1F345E34ECA97A08

File PE Metadata
Compilation timestamp:
8/23/2016 4:49:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Ib3K1lSLKhaXp5R3gxqj9Lx0hc+Cqo8UlQrwAqFeKNfy/qF4zF4zvPORNz9cobLt:6F6qjtocpqwAq8ay/qFo4zvmbRLt

Entry address:
0x1828C

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 17, 45, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 14, F3, 02, 10, 00, 74, 05, E9, 72, 45, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9...
 
[+]

Entropy:
6.2923

Code size:
152.5 KB (156,160 bytes)

Remove nsDialogs.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.