askbarsetup.exe

IAC

This installer is part of the Ask.com (APN) network and installs the Ask.com branded toolbar or browser extension, which takes control of the web browser's search functions. The application askbarsetup.exe by IAC has been detected as a potentially unwanted program by 21 anti-malware scanners. It is a setup application that uses the APN Stub installer. This version of the installer bundles a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension. It is typically executed from the user's temporary directory.

Publisher: IAC (signed and verified)
MD5: 6b8fd4abf73ecc4e9c983f919870cd8a
SHA-1: 83216899dc0ee358f7a801782929c57c0f781074
SHA-256: 87d42862c1d701a1a8818f1a108a5010b01aa756d63b8c4882be52dec5d4e084
Scanner detections: 21 / 68
Status: Potentially unwanted
Explanation: Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.
Analysis date: 11/4/2024 5:12:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.Askbar.B | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.HDC | 2014.08.08 |
| Avira AntiVirus | APPL/AdInstaller.E | 7.11.165.218 |
| AVG | Skodna.Generic | 2015.0.3378 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.141222 |
| Comodo Security | Heur.Suspicious | 18424 |
| ESET NOD32 | Win32/AdInstaller (variant) | 8.10219 |
| Fortinet FortiGate | Adware/MSearch | 8/18/2014 |
| F-Prot | W32/Backdoor2.GNU | v6.4.7.1.166 |
| IKARUS anti.virus | Skodna.SuspectCRC | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:WebToolbar.Win32.MyWebSearch | 14.0.0.3386 |
| McAfee | Artemis!9F74744064EF | 5600.6909 |
| NANO AntiVirus | | 0.28.2.61349 |
| Norman | AskBar.P.dropper | 11.20141222 |
| Panda Antivirus | Generic Backdoor | 14.08.18.08 |
| Reason Heuristics | PUP.Installer.IAC.L | 14.8.18.20 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1575341F!360002591 | 23.00.65.14816 |
| Trend Micro House Call | TROJ_SPNR.0BC513 | 7.2.230 |
| Trend Micro | TROJ_SPNR.0BC513 | 10.465.18 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32010 |
| ViRobot | Adware.MSearch.517448 | 2011.4.7.4223 |

File size: 505.3 KB (517,448 bytes)
File type: Executable application (Win32 EXE)
Installer: APN Stub
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\askbarsetup.exe

Digital Signature

Signed by:
Authority: VeriSign, Inc.
Valid from: 6/7/2007 8:00:00 PM
Valid to: 6/7/2008 7:59:59 PM
Subject: CN=IAC, OU=Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC, L=White Plains, S=New York, C=US
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 406C957308063D0297253DA4BE0427DF

File PE Metadata

Compilation timestamp: 6/28/2007 6:48:06 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 6144:rS7chGI0xLp7Kkj7qV8n8UZvlE0Ib1vS4a7OQ4OJk370b50CJA36y227:rSghGIW5KaqVI9lEdb1aVRJO9CC3tV7
Entry address: 0x171C
Entry point: 55, 8B, EC, 83, EC, 44, 53, 56, 6A, 00, FF, 15, 60, 20, 40, 00, A3, D4, 30, 40, 00, FF, 15, 38, 20, 40, 00, 8B, 1D, 68, 20, 40, 00, 8B, F0, 85, F6, 75, 04, 6A, FF, FF, D3, 8A, 06, 57, 8B, 3D, C0, 20, 40, 00, 3C, 22, 75, 1B, 56, FF, D7, 8B, F0, 8A, 06, 3C, 22, 74, 04, 84, C0, 75, F1, 80, 3E, 22, 75, 15, 56, FF, D7, 8B, F0, EB, 0E, 3C, 20, 7E, 0A, 56, FF, D7, 8B, F0, 80, 3E, 20, 7F, F6, 8A, 06, 84, C0, 74, 04, 3C, 20, 7E, E1, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 64, 20, 40, 00, E8, 2D, 00, 00, 00, F6, 45...
Entropy: 5.5497
Developed / compiled with: Microsoft Visual C++
Code size: 4 KB (4,096 bytes)
