apnic.dll

AskIC Dynamic Link Library

Ask.com

This is a component of the Ask.com toolbar, a browser extension that modifies the default web browser's search provider, home page and various other settings. The module apnic.dll, “Ask Toolbar for Internet Explorer” by Ask.com, has been detected as a potentially unwanted program by 2 anti-malware scanners. This version of the file bundles the Ask.com Toolbar, a potentially unwanted web browser extension. The file has been seen being downloaded from apnmedia.ask.com and multiple other hosts.
Publisher:
Ask.com  (signed and verified)

Product:
AskIC Dynamic Link Library

Description:
Ask Toolbar for Internet Explorer

Version:
5.2.3.0

MD5:
8389842ec050ddf21585829675798c2d

SHA-1:
526c685b52444130cd450dec45826528ad21dfb2

SHA-256:
d8537bbf0c2d842820adb0d26876c498c8628331571cc3b25dd653149439bc3d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:32:42 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Bundled.Toolbar.Ask (variant) | 8.9252
Reason Heuristics | PUP.Toolbar.Ask.F | 14.8.8.2

File size:
208.2 KB (213,192 bytes)

Product version:
5.2.3.0

Copyright:
Copyright (C) Ask 2010

Original file name:
AskIC.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\ask\apn-stub\ff\apnic.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 8:00:00 AM

Valid to:
6/19/2014 7:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
10/10/2012 5:21:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:vmm6F1MBYDqRgekmafnkUo+4ssaMIFo+NzanQCyQIRAfyR5bun2bH:vmmQ1TqRgeFCkUasOjEzaQC3Q+e

Entry address:
0x14C4A

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, CA, 72, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, F2, 02, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 29, D7, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 19, D7, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 16, 01, 00, 00, 8B, 4D, 10, 8D...
 

Entropy:
6.4788

Code size:
140 KB (143,360 bytes)

The file apnic.dll has been seen being distributed by the following 13 URLs.

http://apnmedia.ask.com/media/toolbar/stub2/.../ApnIC.dll?tb=CPUID&version=1.0.0.0

http://apnmedia.ask.com/media/toolbar/stub2/.../ApnIC.dll?tb=MYC2&version=1.0.0.0
