home

pipinstaller_ptv_.exe

TODO:

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application pipinstaller_ptv_.exe, “TODO: <File description>” by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
TODO: <Company name>  (signed by Ask.com)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
2.6.2.0

MD5:
77107e1601b1d7cd92f16a3c48d58275

SHA-1:
f7004c8a2cbb8f3ffb6c8d09212337dd117de2b2

SHA-256:
f01049a993930e6646d413c166818cb4dbdcc0053a19a6b43bfa70dab2fd931b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/23/2024 6:17:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.15.7

File size:
1.1 MB (1,116,815 bytes)

Product version:
2.6.2.0

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\pipinstaller_ptv_.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 6:00:00 AM

Valid to:
6/19/2014 5:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
7/11/2012 11:11:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x65D0A

Entry point:
E9, 73, B9, FF, FF, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 18, 64, 48, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 78, 52, 48, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 3C, 4A, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Entropy:
6.1876

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
526 KB (538,624 bytes)

Remove pipinstaller_ptv_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.