home

Toolbar.exe

Toolbar Core

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application Toolbar.exe by APN has been detected as a potentially unwanted program by 2 anti-malware scanners.
Publisher:
APN LLC.  (signed by APN LLC)

Product:
Toolbar Core

Version:
21.17.0.5339

MD5:
60e7ddc80b987fa9ca279fd1a3f595b9

SHA-1:
611b9356ec7f00e3f842e451681823157c16307f

SHA-256:
1aa7fd5aabc65f13b938835c7aa66e4245508cb0fe71073244873b1f089eb3d9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 12:12:37 PM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Reason Heuristics
PUP.Ask.APN.Toolbar (M)
15.11.5.11

File size:
381.9 KB (391,056 bytes)

Product version:
21.17.0.5339

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
Toolbar.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\askpartnernetwork\toolbar\toolbar.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
2/26/2015 3:00:00 AM

Valid to:
5/28/2018 2:59:59 AM

Subject:
CN=APN LLC, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74BAC30967391B08242D79F7F79449E2

File PE Metadata
Compilation timestamp:
10/29/2015 8:20:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:o3gkbi9PNNNY7M1Ot+VTAMQxgPRHtTBlg3bFWuvQXe4+k:ZggPrN6Mq+VUMugPRHtTDwkxeA

Entry address:
0x203F1

Entry point:
E8, 3D, 82, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, 0E, 44, 00, 89, 0D, 2C, 0E, 44, 00, 89, 15, 28, 0E, 44, 00, 89, 1D, 24, 0E, 44, 00, 89, 35, 20, 0E, 44, 00, 89, 3D, 1C, 0E, 44, 00, 66, 8C, 15, 48, 0E, 44, 00, 66, 8C, 0D, 3C, 0E, 44, 00, 66, 8C, 1D, 18, 0E, 44, 00, 66, 8C, 05, 14, 0E, 44, 00, 66, 8C, 25, 10, 0E, 44, 00, 66, 8C, 2D, 0C, 0E, 44, 00, 9C, 8F, 05, 40, 0E, 44, 00, 8B, 45, 00, A3, 34, 0E, 44, 00, 8B, 45, 04, A3, 38, 0E, 44, 00, 8D, 45, 08, A3, 44, 0E, 44...
 
[+]

Entropy:
5.7735

Code size:
189 KB (193,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-35-215-174.deploy.static.akamaitechnologies.com  (23.35.215.174:80)

TCP (HTTP):
Connects to a104-124-109-139.deploy.static.akamaitechnologies.com  (104.124.109.139:80)

TCP (HTTP):
Connects to a104-82-90-9.deploy.static.akamaitechnologies.com  (104.82.90.9:80)

TCP (HTTP):
Connects to host-62-24-251-59.as13285.net  (62.24.251.59:80)

TCP (HTTP):
Connects to a23-56-166-245.deploy.static.akamaitechnologies.com  (23.56.166.245:80)

TCP (HTTP):
Connects to a23-53-108-169.deploy.static.akamaitechnologies.com  (23.53.108.169:80)

TCP (HTTP):
Connects to a23-48-71-42.deploy.static.akamaitechnologies.com  (23.48.71.42:80)

TCP (HTTP):
Connects to a96-7-7-233.deploy.akamaitechnologies.com  (96.7.7.233:80)

TCP (HTTP):
Connects to a23-40-147-231.deploy.static.akamaitechnologies.com  (23.40.147.231:80)

TCP (HTTP):
Connects to a96-7-5-50.deploy.akamaitechnologies.com  (96.7.5.50:80)

TCP (HTTP):
Connects to a23-56-193-49.deploy.static.akamaitechnologies.com  (23.56.193.49:80)

TCP (HTTP):
Connects to a23-56-147-50.deploy.static.akamaitechnologies.com  (23.56.147.50:80)

TCP (HTTP):
Connects to a23-48-22-69.deploy.static.akamaitechnologies.com  (23.48.22.69:80)

TCP (HTTP):
Connects to a23-211-188-134.deploy.static.akamaitechnologies.com  (23.211.188.134:80)

TCP (HTTP):
Connects to a23-211-177-49.deploy.static.akamaitechnologies.com  (23.211.177.49:80)

TCP (HTTP):
Connects to a104-81-138-181.deploy.static.akamaitechnologies.com  (104.81.138.181:80)

TCP (HTTP SSL):
Connects to ec2-54-93-147-38.eu-central-1.compute.amazonaws.com  (54.93.147.38:443)

TCP (HTTP):
Connects to a72-247-177-113.deploy.akamaitechnologies.com  (72.247.177.113:80)

TCP (HTTP):
Connects to a23-76-74-237.deploy.static.akamaitechnologies.com  (23.76.74.237:80)

TCP (HTTP):
Connects to a23-56-155-27.deploy.static.akamaitechnologies.com  (23.56.155.27:80)

Remove Toolbar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.