» tmp0000001f2e1be4a8e81e2016
Overview
Analysis
File Details

tmp0000001f2e1be4a8e81e2016

IAC Search and Media

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The file tmp0000001f2e1be4a8e81e2016 by IAC Search and Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer.

File name:

Publisher:

IAC Search and Media, Inc. (signed by IAC Search and Media)

Description:

DtUser

Version:

1, 0, 0, 102

MD5:

83aaec6837bea64d9cc9ea05a2531740

SHA-1:

463694f5a0560eaf3d769eeab0a0ba3729b7e9c2

SHA-256:

bc3ac9691b2a4c54f82d1b73745a7b96d2e5840f25808d5037f81ff2f597c32b

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/16/2024 3:44:42 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask (M)

16.12.28.4

File size:

512 KB (524,288 bytes)

Product version:

1, 0, 0, 102

Installer:

APN Stub

Language:

English (United States)

Common path:

C:\windows\temp\tmp0000001f2e1be4a8e81e2016

Digital Signature

Signed by:

IAC Search and Media

Authority:

VeriSign, Inc.

Valid from:

1/23/2014 8:00:00 AM

Valid to:

10/21/2015 7:59:59 AM

Subject:

CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5367F5135FCC8B151C3E3EE4BEFD1DFB

File PE Metadata

Compilation timestamp:

4/11/2014 6:24:52 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x1D47D

Entry point:

DC, B3, FE, 4F, 5C, 2F, 6B, 50, 7A, 73, B3, DD, 9A, 99, 3E, 73, 55, 9D, 2E, C2, 69, 48, E5, 35, BF, 80, 97, FF, 07, 9D, F9, 9D, 2F, 24, 0E, F3, C4, C2, AB, F9, 34, DC, 48, 09, 4E, 10, 3C, 50, 52, 8C, 3F, D8, D6, 19, 94, 37, F6, 31, 9B, D5, F3, 7B, 95, B5, F4, 91, 59, 6C, 3D, C4, FA, 8A, DC, DE, AF, E1, 50, CF, A6, 14, D3, 7B, 62, BD, 2A, 7F, 96, 5C, 02, ED, F7, 1C, 1E, 2A, 09, 58, 28, D9, 7A, B4, 87, FE, AA, 71, 43, CA, 48, D1, 9B, 16, 6F, 67, 74, E9, 24, 32, AC, FB, 85, DE, 76, 56, E8, CC, EB, A9, 47, 58... 
[+]

Entropy:

7.0154

Code size:

306.5 KB (313,856 bytes)

Remove tmp0000001f2e1be4a8e81e2016 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.