TBNotifier.exe

Ask TBNotifier

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application TBNotifier.exe, “Ask Toolbar Notifier” by APN has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address www.search.ask.com on port 80 using the HTTP protocol.
Publisher:
APN  (signed by APN LLC)

Product:
Ask TBNotifier

Description:
Ask Toolbar Notifier

Version:
31.26.0.4623

MD5:
c45d84c1c5021f792420f17592a15e0b

SHA-1:
e5b8f45b92fb5f5c9a0025de9a26e20388d54b0b

SHA-256:
6ca9f5025092a36c0739e178dad382bb4f8c723125a734431b91128affc263e0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/25/2024 9:58:13 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.8.20

File size:
1.7 MB (1,797,463 bytes)

Product version:
31.26.0.4623

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
TBNotifier.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\askpartnernetwork\toolbar\updater\tbnotifier.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/26/2015 5:00:00 AM

Valid to:
5/28/2018 4:59:59 AM

Subject:
CN=APN LLC, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74BAC30967391B08242D79F7F79449E2

File PE Metadata
Compilation timestamp:
9/10/2015 3:27:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xF26CA

Entry point:
E9, FF, C2, FB, FF, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04...
 
[+]

Entropy:
6.5517

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.1 MB (1,156,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.search-results.com  (66.235.120.111:80)

TCP (HTTP):
Connects to www.search.ask.com  (23.76.222.3:80)

TCP (HTTP):
Connects to websearch.search-results.com  (199.36.100.106:80)

 
http://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=623789948&locale=us_ZZ&apn_uid=1871385546&apn_ptnrs=2R&apn_sauid=1247590364&apn_dtid=get001YYPT&q=

TCP (HTTP):
Connects to ss.websearch.ask.com  (174.129.25.170:80)

TCP (HTTP):
Connects to apnstatic.ask.com  (23.67.242.17:80)

Remove TBNotifier.exe - Powered by Reason Core Security