» offercastinstaller.exe
Overview
Analysis
File Details
Downloads (1)

offercastinstaller.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application offercastinstaller.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Offercast APN Install Manager installer. The file has been seen being downloaded from lnkr.us.

File name:

Publisher:

Ask.com (signed and verified)

Product:

Offercast - APN Install Manager

Version:

3.9.1.17815

MD5:

3e08965ac611cb78f7b4b831f290c8cc

SHA-1:

4a971f3c0ccd82ee9ebca73a4a72b0b9572a37a3

SHA-256:

b044551745b0b0bf4c9049e5c05182b73e71268ac09e0683b31759d318e2a782

Scanner detections:

1 / 68

Status:

Potentially unwanted

Explanation:

This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:

11/27/2024 2:02:27 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Ask (M)

16.8.1.16

File size:

985.9 KB (1,009,576 bytes)

Product version:

3.9.1.17815

Original file name:

APNInstaller.exe

File type:

Executable application (Win32 EXE)

Installer:

Offercast APN Install Manager

Language:

English (United States)

Common path:

C:\users\{user}\downloads\offercastinstaller.exe

Digital Signature

Signed by:

Ask.com

Authority:

VeriSign, Inc.

Valid from:

6/2/2014 2:00:00 AM

Valid to:

8/1/2016 1:59:59 AM

Subject:

CN=Ask.com, O=Ask.com, L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

071C9C2CC792BCB19C804C3655D4DE1F

File PE Metadata

Compilation timestamp:

10/9/2015 7:17:21 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

24576:K9uhVQAW41Abo7xCXj9tRROy0+DS24XBzh582PdW6o08BvdI9hShiqxLjS35v:EIyd4LU90Nu+BzP82ylBvmjShhjIv

Entry address:

0xA11E

Entry point:

E8, 43, 51, 00, 00, E9, 7F, FE, FF, FF, E8, D0, 10, 00, 00, 85, C0, 75, 06, B8, 74, 01, 42, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 9C, 10, 00, 00, 85, C0, 75, 06, B8, 70, 01, 42, 00, C3, 83, C0, 08, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, 08, 00, 42, 00, 74, 27, 40, 83, F8, 2D, 72, F1, 8D, 41, ED, 83, F8, 11, 77, 05, 6A, 0D, 58, 5D, C3, 8D, 81, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8... 
[+]

Code size:

92 KB (94,208 bytes)

The file offercastinstaller.exe has been seen being distributed by the following URL.

http://lnkr.us/get?sourceId=5&uid=50313x1031x&format=go&out=https://ak.pipoffers.apnpartners.com/static/partners/ASG/OffercastInstaller.exe&ref=http://ares.pl.downloadastro.com/.../

Remove offercastinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.