precache.exe

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application precache.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Ask Toolbar by Ask.com which is a potentially unwanted software program. While running, it connects to the Internet address 31.b5.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Ask.com  (signed and verified)

MD5:
3172d637a1f42584388286196f856683

SHA-1:
ec9722bc8803b528f1f739443f5ec5cd392b6a59

SHA-256:
dd41c4499e2cad1a8f2bda2edbf289bca3c61a27381c6e795d0ca6426b2e1cec

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/26/2024 10:40:48 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask.I
14.8.8.2

File size:
67.9 KB (69,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ask.com\precache.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/17/2008 3:00:00 AM

Valid to:
6/18/2011 2:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
5/17/2011 11:20:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:10wwCl6tGILbs10rvVLsNedQAPHI5o8yPbB6hbCDlC6WVUhYkpJpkPyrJU/sL6bF:10ZtGUBVLhMxwBe+NJpkPd0eb6zS

Entry address:
0x26DE

Entry point:
E8, 7C, 28, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, C8, FD, 40, 00, 00, 74, 05, E9, FD, 2D, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75...
 
[+]

Entropy:
6.2692

Code size:
35 KB (35,840 bytes)

The file precache.exe has been discovered within the following programs.

Ask Toolbar  by Ask.com
The Ask Toolbar is a web-browser add-on that can appear as an extra bar added to the browser's window and/or menu. It is often installed (sometimes without warning) during the installation of other software. Ask.
help.ask.com/link/portal/30015/30018/Article/1/How-do-I-remove-the-Ask-com-Toolbar
81% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.magix.com  (195.214.216.160:80)

TCP (HTTP):
Connects to pc-18.net-216.de.magix.net  (195.214.216.18:80)

TCP (HTTP):
Connects to ec2-35-162-44-96.us-west-2.compute.amazonaws.com  (35.162.44.96:80)

TCP (HTTP):
Connects to a88-221-117-151.deploy.akamaitechnologies.com  (88.221.117.151:80)

TCP (HTTP):

TCP (HTTP):
Connects to a184-50-104-226.deploy.static.akamaitechnologies.com  (184.50.104.226:80)

TCP (HTTP):
Connects to 31.b5.adb8.ip4.static.sl-reverse.com  (184.173.181.49:80)

Remove precache.exe - Powered by Reason Core Security