home

offercast2910_ndv_.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application offercast2910_ndv_.exe by Ask.com has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Offercast APN Install Manager installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
2.9.1.0

MD5:
1f8eb0a08612a515c49bd636b5c987bf

SHA-1:
e8615b81ae06d5fe690c302befa906b8b879426a

SHA-256:
3f8cc505aab32b6ba07caec531423e09f75a7f7f3c85dad8ee263d4983816690

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
4/26/2024 9:10:16 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.9601

Reason Heuristics
PUP.Installer.Ask.S
14.8.8.2

File size:
1 MB (1,051,576 bytes)

Product version:
2.9.1.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\tempdir\offercast2910_ndv_.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 12:00:00 AM

Valid to:
6/19/2014 12:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E92120309E5E292CD4FFE132C48D3D8

File PE Metadata
Compilation timestamp:
3/11/2014 10:30:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:0UclLovHbkRbSOVrUOlo/BtqS+exjBy3dpXGWrnj4NB+o8ibMyW:0cbCb4p/Bt7jBy3H2kncNLbMyW

Entry address:
0x79EB4

Entry point:
E8, 3D, EF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B4, F5, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E2, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 2C, 4C, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Code size:
624.5 KB (639,488 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a104-87-252-231.deploy.static.akamaitechnologies.com  (104.87.252.231:80)

TCP (HTTP):
Connects to a96-16-46-3.deploy.akamaitechnologies.com  (96.16.46.3:80)

TCP (HTTP):
Connects to a23-32-42-144.deploy.static.akamaitechnologies.com  (23.32.42.144:80)

TCP (HTTP):
Connects to a23-32-174-3.deploy.static.akamaitechnologies.com  (23.32.174.3:80)

TCP (HTTP):
Connects to a23-15-133-138.deploy.static.akamaitechnologies.com  (23.15.133.138:80)

TCP (HTTP):
Connects to a172-231-226-99.deploy.static.akamaitechnologies.com  (172.231.226.99:80)

TCP (HTTP):
Connects to 199.36.100.103.df.iacapn.com  (199.36.100.103:80)

Remove offercast2910_ndv_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.