precache.exe

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application precache.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Ask Toolbar by Ask.com which is a potentially unwanted software program. While running, it connects to the Internet address pc198.nero.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

MD5:
c971dc70ab3d0efd48c30c427dd7b5d8

SHA-1:
351cd9e1c324f859c901caea0e2feacbb1abd429

SHA-256:
b0587df6e08015625d55b30cedaa4b4e4c99036b4b8babfbeb15fa3700b2fcf6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/26/2024 10:42:49 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Ask.I

Engine version:
14.8.8.2

File size:
70.1 KB (71,816 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ask.com\precache.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/19/2011 5:00:00 PM

Valid to:
6/18/2014 4:59:59 PM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
1/24/2013 2:16:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:dcPIZMtd5ztcsjvrQYLsZWd9z5IcfY6Pp1iFDcDD6WVUHj8liRxtFwUTbM:GOM5zi5YL9jAK1b+TRx5bM

Entry address:
0x2796

Entry point:
E8, 74, 28, 00, 00, E9, 79, FE, FF, FF, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, FD, 40, 00, 00, 74, 05, E9, FD, 2D, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08, 5F, C3, 8B...
 

Entropy:
6.3499

Code size:
35 KB (35,840 bytes)

The file precache.exe has been discovered within the following programs.

Ask Toolbar  by Ask.com
The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

