ask.exe

Ask Toolbar

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application ask.exe, “Wrapper Application” by Ask.com has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the APN Stub installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from apnmedia.ask.com.
Publisher:
Ask  (signed by Ask.com)

Product:
Ask Toolbar

Description:
Wrapper Application

Version:
1.17.6.0

MD5:
2659b939ec551debce1ecf3cd1586147

SHA-1:
52f23b334b1ad9d6b076a37c681d55e8d6d87775

SHA-256:
49d54423fe48e3b8afa2604e35964a579abea56304292c6a938636d42855c7bf

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
11/27/2024 2:37:15 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.AskToolbar
4.0.3.1489

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.10201

NANO AntiVirus
Trojan.Win32.Agent.cxhsaf
0.28.2.61349

Reason Heuristics
PUP.Toolbar.Ask.D
14.8.9.9

File size:
3.8 MB (3,972,744 bytes)

Product version:
1.17.6.0

Copyright:
Copyright (C) 2012 Ask.com.

Original file name:
wrapper.exe

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\ask.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2011 5:00:00 PM

Valid to:
6/18/2014 4:59:59 PM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
4/1/2013 10:42:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:dZwcbOqfjDYKEgZYpZq82J5Fzik6gfhoY4MpztFb1:HwcKqfjCiYpZVI5FzikxfhoYb9h

Entry address:
0x1EB2C

Entry point:
E8, 4F, B2, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 98, 9A, 44, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 16, B3, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, B4, EC, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83...
 
[+]

Entropy:
7.7062  (probably packed)

Code size:
211 KB (216,064 bytes)

The file ask.exe has been seen being distributed by the following URL.

Remove ask.exe - Powered by Reason Core Security