4z_ask.exe

Offercast - APN Install Manager

Taiwan Shui Mu Chih Ching Technology Limited

This is the install manager for the Ask.com/APN Offercast platform. Offercast is loaded into third-party installers and presents the end user with offers for web browser toolbars such as the Ask.com Search App (the primary offer), and may also present additional opt-out offers for potentially unwanted software such as PC 'optimization' utilities. The application 4z_ask.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ask.com  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
Offercast - APN Install Manager

Version:
2.9.1.0

MD5:
f3eb31f6051ea6f7bc6ecb3028940216

SHA-1:
3ccf21d454474961d6bef3d800a807e10c679ab6

SHA-256:
73803df804184c2f6b467d7d50e56cb0b74cf2c553d100a4ef5b26c8a7a52936

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is the APN Offercast install manager, which gives the user the option to opt out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
11/27/2024 1:27:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Thinknice (M)

Engine version:
16.12.17.9

File size:
1 MB (1,072,816 bytes)

Product version:
2.9.1.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\{3eb8db49-92f8-4af4-98b1-157e9a5abe70}\omigazip_patch\4z_ask.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/24/2014 1:15:36 AM

Valid to:
2/25/2015 1:15:36 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BCD23750153699E1F59ACE477A6DE070

File PE Metadata
Compilation timestamp:
3/6/2014 3:20:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x79EB4

Entry point:
E8, 3D, EF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B4, F5, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E2, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 2C, 4C, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 

Entropy:
6.6962

Code size:
624.5 KB (639,488 bytes)
