askpip_ff_.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application askpip_ff_.exe by Ask.com has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Offercast APN Install Manager installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. While running, it connects to the Internet address 199.36.100.103.df.iacapn.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
2.9.1.0

MD5:
47e1fbc3aa8b4439b60d7633eb355a8e

SHA-1:
d5f81e940df0ca88ee270e1b9a597feffcabae81

SHA-256:
0d079c8d26f5544354913d279b32c30f2beec15765692e7c1e1378666d921ccf

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
11/30/2024 10:00:38 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.9597

Reason Heuristics
PUP.Installer.Ask.K
14.8.8.2

File size:
1023.9 KB (1,048,504 bytes)

Product version:
2.9.1.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Language:
English (United States)

Common path:
C:\Program Files\freetime\formatfactory\ffmodules\package\ask\askpip_ff_.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 1:00:00 AM

Valid to:
6/19/2014 1:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E92120309E5E292CD4FFE132C48D3D8

File PE Metadata
Compilation timestamp:
3/11/2014 1:25:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:UUclLovHbkRbSOVrUOlo/BtqS+exjBy3dpXGWlnAwLN+5o4ibMyN:UcbCb4p/Bt7jBy3H2ynbLN+MbMyN

Entry address:
0x79EB4

Entry point:
E8, 3D, EF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B4, F5, 49, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E2, 49, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, 2C, 4C, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Code size:
624.5 KB (639,488 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-53-208-160.deploy.static.akamaitechnologies.com  (23.53.208.160:80)

TCP (HTTP):
Connects to 199.36.100.103.df.iacapn.com  (199.36.100.103:80)

TCP (HTTP):
Connects to a92-122-180-142.deploy.akamaitechnologies.com  (92.122.180.142:80)

TCP (HTTP):
Connects to a104-93-106-192.deploy.static.akamaitechnologies.com  (104.93.106.192:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a23-61-102-103.deploy.static.akamaitechnologies.com  (23.61.102.103:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a184-26-184-137.deploy.static.akamaitechnologies.com  (184.26.184.137:80)

Remove askpip_ff_.exe - Powered by Reason Core Security