» precache.exe
Overview
Analysis
File Details
Programs (1)
Network (74)

precache.exe

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application precache.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Ask Toolbar by Ask.com which is a potentially unwanted software program. While running, it connects to the Internet address pc198.nero.com on port 80 using the HTTP protocol.

File name:

precache.exe

Publisher:

Ask.com (signed and verified)

MD5:

c971dc70ab3d0efd48c30c427dd7b5d8

SHA-1:

351cd9e1c324f859c901caea0e2feacbb1abd429

SHA-256:

b0587df6e08015625d55b30cedaa4b4e4c99036b4b8babfbeb15fa3700b2fcf6

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 3:47:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask.I

14.8.8.2

File size:

70.1 KB (71,816 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ask.com\precache.exe

Digital Signature

Signed by:

Ask.com

Authority:

VeriSign, Inc.

Valid from:

6/19/2011 5:00:00 PM

Valid to:

6/18/2014 4:59:59 PM

Subject:

CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata

Compilation timestamp:

1/24/2013 2:16:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

768:dcPIZMtd5ztcsjvrQYLsZWd9z5IcfY6Pp1iFDcDD6WVUHj8liRxtFwUTbM:GOM5zi5YL9jAK1b+TRx5bM

Entry address:

0x2796

Entry point:

E8, 74, 28, 00, 00, E9, 79, FE, FF, FF, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, FD, 40, 00, 00, 74, 05, E9, FD, 2D, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3, 8B... 
[+]

Entropy:

6.3499

Code size:

35 KB (35,840 bytes)

The file precache.exe has been discovered within the following programs.

Ask Toolbar by Ask.com

The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.

help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar

81% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a184-27-23-218.deploy.static.akamaitechnologies.com (184.27.23.218:80)

TCP (HTTP):

Connects to a23-206-207-211.deploy.static.akamaitechnologies.com (23.206.207.211:80)

TCP (HTTP):

Connects to ec2-52-39-37-58.us-west-2.compute.amazonaws.com (52.39.37.58:80)

TCP (HTTP):

Connects to 199.36.102.106.df.iacapn.com (199.36.102.106:80)

TCP (HTTP):

Connects to xx-fbcdn-shv-01-mxp1.fbcdn.net (31.13.86.4:80)

TCP (HTTP):

Connects to wzpo.iad.ask.com (66.235.120.117:80)

TCP (HTTP):

Connects to pc200.nero.com (82.98.209.200:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-mxp1.facebook.com (31.13.86.36:443)

TCP (HTTP):

Connects to a23-46-15-59.deploy.static.akamaitechnologies.com (23.46.15.59:80)

TCP (HTTP):

Connects to a23-11-235-73.deploy.static.akamaitechnologies.com (23.11.235.73:80)

TCP (HTTP):

Connects to ec2-52-0-115-138.compute-1.amazonaws.com (52.0.115.138:80)

TCP (HTTP):

Connects to a23-41-227-4.deploy.static.akamaitechnologies.com (23.41.227.4:80)

TCP (HTTP):

Connects to a104-74-103-136.deploy.static.akamaitechnologies.com (104.74.103.136:80)

TCP (HTTP):

Connects to a96-6-123-59.deploy.akamaitechnologies.com (96.6.123.59:80)

TCP (HTTP):

Connects to a88-221-101-89.deploy.akamaitechnologies.com (88.221.101.89:80)

TCP (HTTP):

Connects to a23-206-100-74.deploy.static.akamaitechnologies.com (23.206.100.74:80)

TCP (HTTP):

Connects to a184-85-40-160.deploy.static.akamaitechnologies.com (184.85.40.160:80)

TCP (HTTP):

Connects to a184-26-162-80.deploy.static.akamaitechnologies.com (184.26.162.80:80)

TCP (HTTP):

Connects to a104-108-57-208.deploy.static.akamaitechnologies.com (104.108.57.208:80)

TCP (HTTP):

Connects to 179.185.57.33.static.adsl.gvt.net.br (179.185.57.33:80)

Remove precache.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.