precache.exe

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application precache.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Ask Toolbar by Ask.com which is a potentially unwanted software program.
Publisher:
Ask.com  (signed and verified)

MD5:
3567c03de9d8291d9610760836a988d3

SHA-1:
2c364722541d728b437e91843774894c566a0433

SHA-256:
0df9bce6f2e5bef843c8a646339b2d5a3bf12db23c9deaab78af97dfee855ee1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 10:51:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask.I
14.8.8.2

File size:
70.1 KB (71,816 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ask.com\precache.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2011 5:00:00 PM

Valid to:
6/18/2014 4:59:59 PM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
4/25/2013 4:21:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:/cPIZMtd5ztcsjvrQYLsZWd9z5IcfY6Pp1iFDcnD6WVUHs3kpJJtFwzTbk0:UOM5zi5YL9jAK1H+vJJebk0

Entry address:
0x2796

Entry point:
E8, 74, 28, 00, 00, E9, 79, FE, FF, FF, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, FD, 40, 00, 00, 74, 05, E9, FD, 2D, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3, 8B...
 
[+]

Entropy:
6.3501

Code size:
35 KB (35,840 bytes)

The file precache.exe has been discovered within the following programs.

Ask Toolbar  by Ask.com
The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 199.36.102.106.df.iacapn.com  (199.36.102.106:80)

TCP (HTTP):
Connects to a88-221-100-112.deploy.akamaitechnologies.com  (88.221.100.112:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-53-108-169.deploy.static.akamaitechnologies.com  (23.53.108.169:80)

TCP (HTTP):
Connects to ec2-52-0-115-138.compute-1.amazonaws.com  (52.0.115.138:80)

TCP (HTTP):
Connects to ec2-35-162-44-96.us-west-2.compute.amazonaws.com  (35.162.44.96:80)

TCP (HTTP):

TCP (HTTP):
Connects to a104-86-233-211.deploy.static.akamaitechnologies.com  (104.86.233.211:80)

TCP (HTTP):
Connects to a104-103-105-67.deploy.static.akamaitechnologies.com  (104.103.105.67:80)

TCP (HTTP):
Connects to a184-84-97-151.deploy.static.akamaitechnologies.com  (184.84.97.151:80)

TCP (HTTP):
Connects to a104-88-195-199.deploy.static.akamaitechnologies.com  (104.88.195.199:80)

TCP (HTTP):
Connects to pc198.nero.com  (82.98.209.198:80)

TCP (HTTP):
Connects to ec2-52-72-187-38.compute-1.amazonaws.com  (52.72.187.38:80)

TCP (HTTP):
Connects to ec2-52-39-37-58.us-west-2.compute.amazonaws.com  (52.39.37.58:80)

TCP (HTTP):
Connects to a104-84-220-153.deploy.static.akamaitechnologies.com  (104.84.220.153:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-mrs1.fbcdn.net  (31.13.75.12:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-kul1.fbcdn.net  (31.13.67.7:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

Remove precache.exe - Powered by Reason Core Security