home

pip268_sgt_.exe

Offercast - APN Install Manager

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application pip268_sgt_.exe by Ask.com has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Offercast APN Install Manager installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address 199.36.100.103.df.iacapn.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

Product:
Offercast - APN Install Manager

Version:
2.6.8.0

MD5:
612d3a6d9895361a15660fa44b64e42a

SHA-1:
f6f2472463f43d7023d2ae7570f4c6c6ac456cf6

SHA-256:
0d9942d1e319f1de13a29a795859bad243463c5f7fce29da4a1e40d5015f58a9

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
This is the APN Offercast install manager which will offer the user to opt-out of installing the Ask.com Toolbar as part of the setup routine.

Analysis date:
11/30/2024 10:20:43 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.8605

Reason Heuristics
PUP.Installer.Ask.L
14.8.8.2

File size:
910.7 KB (932,552 bytes)

Product version:
2.6.8.0

Copyright:
2010 (c) Ask.com. All rights reserved.

Original file name:
AskInstaller.exe

File type:
Executable application (Win32 EXE)

Installer:
Offercast APN Install Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pip268_sgt_.exe

Digital Signature
Signed by:
Ask.com

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 3:00:00 AM

Valid to:
6/19/2014 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
10/10/2012 2:06:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:bHBNj3PmcSaICkDCXJKMffnzIjn918DsRV:lTkDCXJKMfv8j91hRV

Entry address:
0x6B892

Entry point:
E8, 11, DE, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 68, D4, 48, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 5C, C3, 48, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, A8, CC, 4A, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, AC...
 
[+]

Entropy:
6.7439

Code size:
552.5 KB (565,760 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 199.36.100.103.df.iacapn.com  (199.36.100.103:80)

TCP (HTTP):
Connects to a23-7-241-166.deploy.static.akamaitechnologies.com  (23.7.241.166:80)

TCP (HTTP):
Connects to a173-223-128-35.deploy.static.akamaitechnologies.com  (173.223.128.35:80)

TCP (HTTP):
Connects to a184-84-26-124.deploy.static.akamaitechnologies.com  (184.84.26.124:80)

TCP (HTTP):
Connects to a104-88-200-176.deploy.static.akamaitechnologies.com  (104.88.200.176:80)

TCP (HTTP):
Connects to a104-108-232-135.deploy.static.akamaitechnologies.com  (104.108.232.135:80)

TCP (HTTP):
Connects to a23-219-134-82.deploy.static.akamaitechnologies.com  (23.219.134.82:80)

TCP (HTTP):
Connects to a172-227-120-79.deploy.static.akamaitechnologies.com  (172.227.120.79:80)

TCP (HTTP):
Connects to a23-58-30-3.deploy.static.akamaitechnologies.com  (23.58.30.3:80)

TCP (HTTP):
Connects to a23-49-30-3.deploy.static.akamaitechnologies.com  (23.49.30.3:80)

TCP (HTTP):
Connects to a23-207-140-96.deploy.static.akamaitechnologies.com  (23.207.140.96:80)

TCP (HTTP):
Connects to a184-86-116-51.deploy.static.akamaitechnologies.com  (184.86.116.51:80)

TCP (HTTP):
Connects to a184-29-5-164.deploy.static.akamaitechnologies.com  (184.29.5.164:80)

TCP (HTTP):
Connects to a173-222-71-49.deploy.static.akamaitechnologies.com  (173.222.71.49:80)

TCP (HTTP):
Connects to a104-93-237-224.deploy.static.akamaitechnologies.com  (104.93.237.224:80)

TCP (HTTP):
Connects to a104-93-106-192.deploy.static.akamaitechnologies.com  (104.93.106.192:80)

TCP (HTTP):
Connects to a104-114-89-175.deploy.static.akamaitechnologies.com  (104.114.89.175:80)

TCP (HTTP):
Connects to a92-122-47-237.deploy.akamaitechnologies.com  (92.122.47.237:80)

TCP (HTTP):
Connects to a23-45-227-222.deploy.static.akamaitechnologies.com  (23.45.227.222:80)

TCP (HTTP):
Connects to a104-89-7-79.deploy.static.akamaitechnologies.com  (104.89.7.79:80)

Remove pip268_sgt_.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.