askinstaller.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application askinstaller.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Offercast APN Install Manager installer. It is also typically executed from the user's temporary directory.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
3,4,2,12645

MD5:
dadacc1308e53b63a0965921f8f25649

SHA-1:
742034d34c2666200209b0571b9177b7302d4e01

SHA-256:
3cafc8fb9a63782cfc696e706db2f7957348859217b07a405c3e34e77185d97b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
12/24/2024 12:12:49 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.15.0

File size:
1.1 MB (1,143,096 bytes)

Product version:
3,4,2,12645

Copyright:
2010: (c) Ask.com. All rights reserved.

Original file name:
APNInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ui_data\ask\askinstaller.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/2/2014 9:00:00 AM

Valid to:
8/1/2016 8:59:59 AM

Subject:
CN=Ask.com, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
071C9C2CC792BCB19C804C3655D4DE1F

File PE Metadata
Compilation timestamp:
9/9/2014 4:49:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x95BE

Entry point:
E8, CC, 47, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 48, D3, 41, 00, 89, 0D, 44, D3, 41, 00, 89, 15, 40, D3, 41, 00, 89, 1D, 3C, D3, 41, 00, 89, 35, 38, D3, 41, 00, 89, 3D, 34, D3, 41, 00, 66, 8C, 15, 60, D3, 41, 00, 66, 8C, 0D, 54, D3, 41, 00, 66, 8C, 1D, 30, D3, 41, 00, 66, 8C, 05, 2C, D3, 41, 00, 66, 8C, 25, 28, D3, 41, 00, 66, 8C, 2D, 24, D3, 41, 00, 9C, 8F, 05, 58, D3, 41, 00, 8B, 45, 00, A3, 4C, D3, 41, 00, 8B, 45, 04, A3, 50, D3, 41, 00, 8D, 45, 08, A3, 5C, D3, 41...
 
[+]

Entropy:
7.9141  (probably packed)

Code size:
83 KB (84,992 bytes)

Remove askinstaller.exe - Powered by Reason Core Security