tmp00000004b372cab247da5f93

Ask Toolbar for Internet Explorer

IAC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The file tmp00000004b372cab247da5f93 by IAC has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Ask.com  (signed by IAC)

Product:
Ask Toolbar for Internet Explorer

Description:
Ask Toolbar

Version:
2, 3, 0, 11

MD5:
1e7ca2f73af68d0ae32139f3ef384698

SHA-1:
a6c2121e87ea28eec6662be4dbc92bcf2f727459

SHA-256:
ed75c43e2aa3224d66e1511716c1fcff95a55dbbc60926b69da27f49e9438847

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/23/2024 11:42:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Ask (M)

Engine version:
16.10.5.9

File size:
512 KB (524,288 bytes)

Product version:
2, 3, 0, 11

Copyright:
Copyright © 2007

Original file name:
AskSBar.dll

Language:
English (United States)

Common path:
C:\windows\temp\tmp00000004b372cab247da5f93

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/7/2007 7:00:00 PM

Valid to:
6/7/2008 6:59:59 PM

Subject:
CN=IAC, OU=Search and Media, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IAC, L=White Plains, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
406C957308063D0297253DA4BE0427DF

File PE Metadata
Compilation timestamp:
6/27/2007 12:38:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:mhGI0xLp7Kkj7qV8nuZvlE0Ib1vS4a7OQ4O:mhGIW5KaqVIYlEdb1aVR

Entry address:
0xFACC

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, FD, 52, FF, FF, C2, 0C, 00, FF, 15, 4C, A1, 02, 10, 33, C0, C3, A1, 70, 11, 03, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, 10, 11, 03, 10, FF, 15, F4, A1, 02, 10, 5E, C3, 8B, 0D, 74, 11, 03, 10, 8B, 15, 6C, 11, 03, 10, FF, 05, 74, 11, 03, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, F4, A1, 02, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 33, C9, 3B, C1, 75, 0B, FF, 74, 24, 08, E8...
 

Entropy:
3.7623

Code size:
164 KB (167,936 bytes)
