home

TBNotifier.exe

Ask TBNotifier

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application TBNotifier.exe, “Ask Toolbar Notifier” by APN has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address www.search.ask.com on port 80 using the HTTP protocol.
Publisher:
APN  (signed by APN LLC)

Product:
Ask TBNotifier

Description:
Ask Toolbar Notifier

Version:
31.10.3.1827

MD5:
6eb9863862378cad32898e6a97af0135

SHA-1:
0a9a97aa6a2c1865ec4428d0e4a12a1399458494

SHA-256:
29e0995fcb201f955bb30fab051f6bd1e01847775f12945096d531e7378d9ebf

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
1/24/2025 12:02:31 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.7.2

File size:
1.9 MB (1,942,424 bytes)

Product version:
31.10.3.1827

Copyright:
(c) Ask Partner Network. All rights reserved

Original file name:
TBNotifier.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\askpartnernetwork\toolbar\orj-spe\source\Program Files\askpartnernetwork\toolbar\updater\tbnotifier.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 12:00:00 AM

Valid to:
4/9/2015 12:59:59 AM

Subject:
CN=APN LLC, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F4E343161BC7EB67514D3DCEC434EA0

File PE Metadata
Compilation timestamp:
10/3/2014 9:08:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x111FD6

Entry point:
E8, D0, D0, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8B, 4D, 08, 53, 8B, 5D, 0C, 56, 57, 8B, 7D, 10, 89, 4D, F8, 89, 5D, FC, 85, FF, 74, 1A, 83, 7D, 14, 00, 74, 14, 85, C9, 75, 17, E8, 48, D3, FF, FF, C7, 00, 16, 00, 00, 00, E8, 2A, 2B, 00, 00, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 75, 18, 85, F6, 74, 0C, 83, C8, FF, 33, D2, F7, F7, 39, 45, 14, 76, 21, 83, FB, FF, 74, 0C, 53, 6A, 00, 51, E8, 30, 9C, FF, FF, 83, C4, 0C, 85, F6, 74, C1, 83, C8, FF, 33, D2, F7, F7, 39, 45, 14, 77, B5, 0F, AF, 7D...
 
[+]

Entropy:
6.4889

Code size:
1.2 MB (1,290,752 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.search-results.com  (66.235.120.111:80)

TCP (HTTP):
Connects to www.search.ask.com  (23.76.222.3:80)

TCP (HTTP):
Connects to websearch.search-results.com  (199.36.100.106:80)

 
http://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=621002999&locale=us_ZZ&apn_uid=1863024699&apn_ptnrs=2R&apn_sauid=1242016466&apn_dtid=get001YYPT&q=

TCP (HTTP):
Connects to ss.websearch.ask.com  (174.129.25.170:80)

Remove TBNotifier.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.