62964050_stp.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application 62964050_stp.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Offercast APN Install Manager installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from vlr.tynt.com.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
3.10.0.18770

MD5:
1303761ced272037dd02c2393b4b103b

SHA-1:
e7207fb3d564a4cefa03d564b9b41c69219afe5e

SHA-256:
5cbb91ef2fddc70285a266e3b931e59550b21126f28831e45f025dccf93fb58f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
11/23/2024 10:12:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask.Installer (M)
16.7.13.20

File size:
996.6 KB (1,020,512 bytes)

Product version:
3.10.0.18770

Copyright:
2010: (c) Ask.com. All rights reserved.

Original file name:
APNInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\62964050_stp.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
9/8/2015 5:30:00 AM

Valid to:
8/1/2016 5:29:59 AM

Subject:
CN=Ask.com, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
10B9E2525844B965BFD1932E5265E605

File PE Metadata
Compilation timestamp:
12/15/2015 2:12:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:A9umdkXaRAxWgKD8Il6Qn642dQQINtmmgesjNT7Q3Vfe35T:yJkqSkgKVko0INtn+d7yFUT

Entry address:
0xA11E

Entry point:
E8, 43, 51, 00, 00, E9, 7F, FE, FF, FF, E8, D0, 10, 00, 00, 85, C0, 75, 06, B8, 74, 01, 42, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 9C, 10, 00, 00, 85, C0, 75, 06, B8, 70, 01, 42, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 08, 00, 42, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8...
 
[+]

Entropy:
7.8995  (probably packed)

Code size:
92 KB (94,208 bytes)

The file 62964050_stp.exe has been seen being distributed by the following URL.

Remove 62964050_stp.exe - Powered by Reason Core Security