home

a2SrchAs.DLL

Ask Search Assistant

IAC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The module a2SrchAs.DLL, “Ask.com Search Assistant” by IAC has been detected as a potentially unwanted program by 6 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Ask Search Assistant BHO’.
Publisher:
Ask.com  (signed by IAC)

Product:
Ask Search Assistant

Description:
Ask.com Search Assistant

Version:
1, 1, 0, 1

MD5:
2f19f535f88bee3af522bd28478c019e

SHA-1:
ee8e9aa90dab1675d6adbccb8318c6b880ca867e

SHA-256:
863889b515e42cb50347d3f2926840e6cbe6686ceb3ec109d9f76a7c8feb68d8

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Part of the MyWebSearch/Mindspark/Ask web browser extension and toolbar.

Analysis date:
11/23/2024 8:06:30 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.Askbar.B
7.1.1

Boost by Reason
Optional.BHO.IAC.I
188838

ESET NOD32
Win32/Toolbar.AskSBar
7.9307

Reason Heuristics
SearchPlugin.BHO.IAC.I
14.8.8.0

Rising Antivirus
PE:Trojan.Win32.Generic.125BF7D5!308017109
23.00.65.131224

ViRobot
Adware.MyWebSearch.66912
2011.4.7.4223

File size:
65.3 KB (66,912 bytes)

Product version:
1, 1, 0, 1

Copyright:
Copyright © 2007

Original file name:
a2SrchAs.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\asksbar\srchastt\1.bin\a2srchas.dll

Digital Signature
Signed by:
IAC

Authority:
VeriSign, Inc.

Valid from:
6/8/2007 3:00:00 AM

Valid to:
6/8/2008 2:59:59 AM

Subject:
CN=IAC, OU=Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC, L=White Plains, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
406C957308063D0297253DA4BE0427DF

Registration
CLSIDs:
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}, {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/27/2007 8:11:56 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:EFU+DhkKhUvk7R3SRhQEsqxvJciOCqQY40:El+koRyEsqxvJciOCqQ

Entry address:
0x55B7

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, 11, D2, FF, FF, C2, 0C, 00, FF, 15, C8, 90, 00, 10, 33, C0, C3, A1, 68, BA, 00, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, 08, BA, 00, 10, FF, 15, 68, 90, 00, 10, 5E, C3, 8B, 0D, 6C, BA, 00, 10, 8B, 15, 64, BA, 00, 10, FF, 05, 6C, BA, 00, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, 68, 90, 00, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 33, C9, 3B, C1, 75, 0B, FF, 74, 24, 08, E8...
 
[+]

Entropy:
5.4752

Code size:
32 KB (32,768 bytes)

Internet Explorer BHO
Display name:
Ask Search Assistant BHO

CLSID:
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}


Remove a2SrchAs.DLL - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.