4z_ask.exe

Offercast - APN Install Manager

Taiwan Shui Mu Chih Ching Technology Limited

This is the install manager for the Ask.com/APN Offercast platform. Offercast is loaded into third-party installers and presents the end user with offers for web browser toolbars such as the Ask.com Search App (the primary offer). It may also present additional opt-out offers for potentially unwanted software such as PC 'optimization' utilities. The application 4z_ask.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Ask.com  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
Offercast - APN Install Manager

Version:
2.9.1.0

MD5:
09806a178027d32dcce53a77d9241128

SHA-1:
363a0b34a683e85dc6205efb3a4c4d326da4ca10

SHA-256:
444404014df70c57b72952c6d4760d6b79edf29b145502d4b297f4766fe778c2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the APN Offercast install manager, which gives the user the option to opt out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
11/27/2024 1:37:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Thinknice (M)

Engine version:
17.1.27.20

File size:
1 MB (1,072,816 bytes)

Product version:
2.9.1.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\omigazip_patch\4z_ask.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/24/2014 2:45:36 PM

Valid to:
2/25/2015 2:45:36 PM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BCD23750153699E1F59ACE477A6DE070

File PE Metadata
Compilation timestamp:
3/7/2014 4:50:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x79EB4

Entry point:
E8, 3D, EF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B4, F5, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E2, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 2C, 4C, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
Entropy:
6.6962

Code size:
624.5 KB (639,488 bytes)