apnstub.exe

AskStub Application

Ask.com

This installer is part of the Ask.com (APN) network. It installs the Ask.com branded toolbar or browser extension, which takes control of the web browser's search functions. The application apnstub.exe by Ask.com has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the APN Stub installer. The file is typically installed by a number of programs, including Laplink PCmover Professional by Laplink Software, Inc. and Quick Media Converter by Cocoon Software.
Publisher:
Ask.com  (signed and verified)

Product:
AskStub Application

Version:
4.0.0.0

MD5:
c36923084822c017f69396418a999d39

SHA-1:
fdc2005ced8acf86c68fe1b86b0698d0539e8ce0

SHA-256:
7a158fdeea8f7107be5ce40242546a503193aa1c278f74a4730871b8edd0ba76

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 5:21:02 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.Ask.H | 188838
Reason Heuristics | PUP.Ask.H | 14.8.8.2
XVirus List | Win32.Detected | 2.8.8

File size:
139.9 KB (143,240 bytes)

Product version:
4.0.0.0

Copyright:
Copyright (C) Ask 2010

Original file name:
AskStub.exe

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\apnstub.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/17/2008 3:00:00 AM

Valid to:
6/18/2011 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
5/3/2011 11:01:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:kchfXbup04LnomgmlgV5sUjbW/+lt5qqqqqqqqqqqqBYFpbO:BPbue4LP+V5f6U7qqqqqqqqqqqqH

Entry address:
0x4448

Entry point:
E8, A9, 39, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 08, B4, 41, 00, 89, 0D, 04, B4, 41, 00, 89, 15, 00, B4, 41, 00, 89, 1D, FC, B3, 41, 00, 89, 35, F8, B3, 41, 00, 89, 3D, F4, B3, 41, 00, 66, 8C, 15, 20, B4, 41, 00, 66, 8C, 0D, 14, B4, 41, 00, 66, 8C, 1D, F0, B3, 41, 00, 66, 8C, 05, EC, B3, 41, 00, 66, 8C, 25, E8, B3, 41, 00, 66, 8C, 2D, E4, B3, 41, 00, 9C, 8F, 05, 18, B4, 41, 00, 8B, 45, 00, A3, 0C, B4, 41, 00, 8B, 45, 04, A3, 10, B4, 41, 00, 8D, 45, 08, A3, 1C, B4, 41...
 

Entropy:
6.4863

Code size:
74 KB (75,776 bytes)

The file apnstub.exe has been discovered within the following programs.

Laplink PCmover Professional  by Laplink Software, Inc.
Publisher's description - “PCmover is the ONLY software that automatically transfers or restores all selected files, settings, user profiles, and even programs from an old PC to a new one, or old operating system to a new one.”
www.Laplink.com/de
About 1% of users remove it
Quick Media Converter  by Cocoon Software
Quick Media Converter includes a branded version of the Ask.com Toolbar, a web browser extension that provides search advertising and results. Upon installation the user is presented with the option to install the Ask toolbar.
www.cocoonsoftware.com
About 9% of users remove it
 

The file apnstub.exe has been seen being distributed by the following 8 URLs.

http://ep.wl.facdn.com/ep/download/.../EPApnStub.exe

http://www5.photojoy.com/photojoy/pjsetup/201611010839/default/installer/.../ApnStub.exe

http://www5.photojoy.com/photojoy/pjsetup/201510131725/default/installer/.../ApnStub.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a88-221-100-112.deploy.akamaitechnologies.com  (88.221.100.112:80)

TCP (HTTP):
Connects to a104-68-60-220.deploy.static.akamaitechnologies.com  (104.68.60.220:80)

TCP (HTTP):
Connects to 199.36.102.106.df.iacapn.com  (199.36.102.106:80)

TCP (HTTP):
Connects to 74.113.233.61.df.iaccap.com  (74.113.233.61:80)

TCP (HTTP):
Connects to 199.36.101.106.lv.iacapn.com  (199.36.101.106:80)
