home

TBNotifier.exe

Ask TBNotifier

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application TBNotifier.exe, “Ask Toolbar Notifier” by APN has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address www.search.ask.com on port 80 using the HTTP protocol.
Publisher:
APN  (signed by APN LLC)

Product:
Ask TBNotifier

Description:
Ask Toolbar Notifier

Version:
31.24.2.4090

MD5:
8cf00339d2d58a07ccad592dfe01b310

SHA-1:
bf58846b323a54cca486441ae65d5c05a075574a

SHA-256:
fd561a229bdceb2291e2e2b96bb1579afabb2037e4b219093c78de72c9dcf150

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/18/2024 8:31:27 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.5.20

File size:
1.7 MB (1,796,496 bytes)

Product version:
31.24.2.4090

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
TBNotifier.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\askpartnernetwork\toolbar\updater\tbnotifier.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
2/26/2015 7:00:00 AM

Valid to:
5/28/2018 6:59:59 AM

Subject:
CN=APN LLC, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74BAC30967391B08242D79F7F79449E2

File PE Metadata
Compilation timestamp:
8/6/2015 6:49:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xEFE8B

Entry point:
E8, CC, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 
[+]

Entropy:
6.4933

Code size:
1.1 MB (1,144,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.search-results.com  (66.235.120.111:80)

TCP (HTTP):
Connects to www.search.ask.com  (23.76.222.3:80)

TCP (HTTP):
Connects to websearch.search-results.com  (199.36.100.106:80)

 
http://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=619144626&locale=us_ZZ&apn_uid=1857449580&apn_ptnrs=2R&apn_sauid=1238299720&apn_dtid=get001YYPT&q=

TCP (HTTP):
Connects to ss.websearch.ask.com  (174.129.25.170:80)

TCP (HTTP):
Connects to apnstatic.ask.com  (23.67.242.17:80)

Remove TBNotifier.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.