home

offercastinstaller.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application offercastinstaller.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Offercast APN Install Manager installer. The file has been seen being downloaded from ak.pipoffers.apnpartners.com.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
3.5.0.15600

MD5:
eb112191a999797136b05d8b96619892

SHA-1:
d493f61d92f5504b17a31d5fefa49f1997a30bdc

SHA-256:
5f9e17244a7fd31d12be3a00136d0136d1d6ec5002e344c132cc6fe56d6c8488

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
5/1/2024 7:15:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.13.14

File size:
882.4 KB (903,584 bytes)

Product version:
3.5.0.15600

Copyright:
2010: (c) Ask.com. All rights reserved.

Original file name:
APNInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\offercastinstaller.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
6/2/2014 2:00:00 AM

Valid to:
8/1/2016 1:59:59 AM

Subject:
CN=Ask.com, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
071C9C2CC792BCB19C804C3655D4DE1F

File PE Metadata
Compilation timestamp:
5/6/2015 2:21:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x976E

Entry point:
E8, CC, 47, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, D3, 41, 00, 89, 0D, 44, D3, 41, 00, 89, 15, 40, D3, 41, 00, 89, 1D, 3C, D3, 41, 00, 89, 35, 38, D3, 41, 00, 89, 3D, 34, D3, 41, 00, 66, 8C, 15, 60, D3, 41, 00, 66, 8C, 0D, 54, D3, 41, 00, 66, 8C, 1D, 30, D3, 41, 00, 66, 8C, 05, 2C, D3, 41, 00, 66, 8C, 25, 28, D3, 41, 00, 66, 8C, 2D, 24, D3, 41, 00, 9C, 8F, 05, 58, D3, 41, 00, 8B, 45, 00, A3, 4C, D3, 41, 00, 8B, 45, 04, A3, 50, D3, 41, 00, 8D, 45, 08, A3, 5C, D3, 41...
 
[+]

Code size:
83.5 KB (85,504 bytes)

The file offercastinstaller.exe has been seen being distributed by the following URL.

https://ak.pipoffers.apnpartners.com/static/partners/.../OffercastInstaller.exe

Remove offercastinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.