asksearchutility.exe

Ask Toolbar Search Utility

Ask.com

This installer is part of the Ask.com (APN) network. It installs the Ask.com-branded toolbar or browser extension, which takes control of the web browser's search functions. The application asksearchutility.exe, “Ask Toolbar Search Utility Setup” by Ask.com, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the APN Stub installer.

Publisher:
Ask.com   (signed by Ask.com)

Product:
Ask Toolbar Search Utility

Description:
Ask Toolbar Search Utility Setup

MD5:
0cac8bdca178023ad837bc87d1cf2ca9

SHA-1:
3b4df39b013e7871a56da22bac7b712a882bcc49

SHA-256:
857daad59641cdc2b0dbebf9a5a87bbfca6589b7d52f23bc705b9f6a9b64f31d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 1:09:54 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.Ask.Q

Engine version:
14.8.8.2

File size:
335.6 KB (343,624 bytes)

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\asksearchutility.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2008 6:00:00 PM

Valid to:
6/17/2011 5:59:59 PM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
6/19/1992 4:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:l/2Uwg7UdLigTlrea5yx4ZgdzjJpRx/Mk3ZpzdcHn7R+QJDG+gYeYphTyHB:d2UtgaaOTdD7/3Z7cHuyeYD6

Entry address:
0x9A58

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 6E, 96, FF, FF, E8, 75, A8, FF, FF, E8, A0, CA, FF, FF, E8, E7, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, 0B, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, D4, A0, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, AC, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 1F, 97, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8...
 

Entropy:
7.8981

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36.5 KB (37,376 bytes)

The file asksearchutility.exe has been seen being distributed by the following URL.
