asktoolbar_stubinstaller.exe

The Weather Channel Interactive Consumer Application Software

The Weather Channel Interactive, Inc.

The application asktoolbar_stubinstaller.exe by The Weather Channel Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.weather.com.
Publisher:
The Weather Channel Interactive  (signed by The Weather Channel Interactive, Inc.)

Product:
The Weather Channel Interactive Consumer Application Software

Version:
7, 0, 0, 31

MD5:
8c7b6f65bfb933ae2fc01d9d74a42a24

SHA-1:
b6187a282eb605488d96d4d68f00a4e4542544fa

SHA-256:
caf946eecacf16761714e373f4932e335f3ed322e4749a6998725fcd27c7acbb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:36:34 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask.Toolbar.Installer
16.2.15.20

File size:
2.3 MB (2,383,000 bytes)

Product version:
0, 0, 0, 31

Copyright:
(c) The Weather Channel Interactive. All rights reserved.

Original file name:
TheWeatherChannel_Stub____.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\asktoolbar_stubinstaller.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/17/2010 7:00:00 PM

Valid to:
8/24/2013 6:59:59 PM

Subject:
CN="The Weather Channel Interactive, Inc.", OU=weather.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="The Weather Channel Interactive, Inc.", L=Atlanta, S=Georgia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CF27D8CB4EDA3914349710E84B06FB1

File PE Metadata
Compilation timestamp:
3/27/2013 9:08:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:BlA5aGpkml3wEFoFDiFgy4gnUpdNdtuaa+kupJIoh87mATDn1zkfjAiHp8vzYlfD:Q5aGpkKwcoFDJy4gUpdNdtua/FIoh87g

Entry address:
0x1093C2

Entry point:
E8, C0, BB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, E8, F2, A9, 00, 00, 8B, 4D, 08, 89, 48, 14, 5D, C3, E8, E5, A9, 00, 00, 8B, C8, 8B, 41, 14, 69, C0, FD, 43, 03, 00, 05, C3, 9E, 26, 00, 89, 41, 14, C1, E8, 10, 25, FF, 7F, 00, 00, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, 83, 7D, 10, 00, 53, 56, 57, 0F, 84, C6, 00, 00, 00, FF, 75, 14, 8D, 4D, F0, E8, 00, F9, FF, FF, 8B, 5D, 08, 85, DB, 75, 27, E8, 93, 2B, 00, 00, C7, 00, 16, 00, 00, 00, E8, 4C, 72, 00, 00, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70...
 
[+]

Code size:
1.2 MB (1,254,400 bytes)

The file asktoolbar_stubinstaller.exe has been seen being distributed by the following URL.

Remove asktoolbar_stubinstaller.exe - Powered by Reason Core Security