» msbloader64.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (3)

msbloader64.exe

Browser Tab Search by Ask

IAC Search and Media

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application msbloader64.exe by IAC Search and Media has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the APN Stub installer. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Browser Tab Search by Askx64’. Additionally, the file is typically installed by a number of programs including Browser Tab Search by Ask for Firefox by IAC Search and Media and Browser Tab Search by Ask for Internet Explorer by IAC Search and Media, both potentially unwanted software.

File name:

msbloader64.exe

Publisher:

IAC Search and Media (signed and verified)

Product:

Browser Tab Search by Ask

Version:

3.0.0.0.242

MD5:

12cd5587e4bf3fa2848c2fa438fe6a5e

SHA-1:

b4e45f9413c2a8bfd718bd2d9c08f9a31654846e

SHA-256:

b5df510a7966ee27cc46c52c1cd6996ac2eb2e589a305d00039581c6829f512c

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 12:31:08 AM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Search

2015.0.3521

Reason Heuristics

PUP.Startup.IACSearchandMedia.L

14.8.8.0

File size:

111.9 KB (114,592 bytes)

Product version:

3.0.0.0.242

Original file name:

msbloader64.exe

File type:

Executable application (Win64 EXE)

Installer:

APN Stub

Language:

English (United States)

Common path:

C:\Program Files\browser tab search by ask\safetynut\browsertabsearch\msbloader64.exe

Digital Signature

Signed by:

IAC Search and Media

Authority:

VeriSign, Inc.

Valid from:

1/23/2014 12:00:00 AM

Valid to:

10/20/2015 11:59:59 PM

Subject:

CN=IAC Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC Search and Media, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5367F5135FCC8B151C3E3EE4BEFD1DFB

File PE Metadata

Compilation timestamp:

2/5/2014 11:06:21 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:8uanitELUTjAKRbCWXT6W+W3GQLQmaWTCe:8GmLUTjAMXXT6JW3GqvV

Entry address:

0x7490

Entry point:

48, 83, EC, 28, E8, 03, 29, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, 19, 2A, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, BD, AD, 00, 00, 48, 89, 05, C6, 57, 01, 00, 48, 89, 05, B7, 57, 01, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 48, 89, 7C, 24, 18, 41, 54, 41, 55, 41, 56, 48, 83, EC, 20, 4C, 8B, F1, E8, 8F, 14, 00, 00, 90, 48, 8B, 0D, 7F, 57, 01... 
[+]

Code size:

65.5 KB (67,072 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Browser Tab Search by Askx64

Command:

"C:\Program Files\browser tab search by ask\safetynut\browsertabsearch\msbloader64.exe"

The file msbloader64.exe has been discovered within the following programs.

Browser Tab Search by Ask for Firefox by IAC Search and Media

Browser Tab Search is an advertising-supported web browser toolbar/extension that will make the following changes to the browser's settings: - Changes the default home page and new tabs and protect these search settings - Changes the default search engine in your Internet Browser, including the browser's built-in search box - Adds an addition of alternative error page functionality, such as “Page Not Found” adn DNS errors - Tracks usage behavior.

63% remove it

Browser Tab Search by Ask for Google Chrome by IAC Search and Media

From the EULA: "The Toolbar interacts with your computer by: Displaying advertisements, including without limitation by inserting into web pages or displaying over parts of such web pages advertisements, banners or coupons that would not otherwise appear; Converting words on pages you view into hyperlinks that are linked to advertisements; Communicating with our servers to check for new offers, the placement of offers, the date and time you install and uninstall the Toolbar, and whether an updated version of the Toolbar is available; Monitoring and recording the domain name of each page you view, the advertisements that appear on these pages, and the advertisements that you click.

help.ask.com/link/portal/30015/30018/ArticleFolder/11/Ask-com-Browser-Toolbar

75% remove it

Browser Tab Search by Ask for Internet Explorer by IAC Search and Media

This web browser toolbar/extension is a 'startpage' hijacker that is designed to modify the browser's homepage, new tab page and default search page and provider in order to generate search-related revenue.

68% remove it

Remove msbloader64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.