Toolbar.exe

Toolbar Core

APN LLC

This installer is part of the Ask.com (APN) network. It installs the Ask.com-branded toolbar or browser extension, which takes control of the web browser's search functions. The application Toolbar.exe by APN has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the APN Stub installer.

Publisher:
APN LLC.  (signed by APN LLC)

Product:
Toolbar Core

Version:
21.9.0.1064

MD5:
8fa5e0ed3fe1fcb7ed8995f7f95b4ceb

SHA-1:
8ff29b6a5a6e1aef364d21a215bf6a595c7596be

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:23:54 PM UTC

Scan engine          Detection               Engine version
Baidu Antivirus      PUA.Win32.AskToolbar    4.0.3.14830
Reason Heuristics    PUP.Toolbar.APN.H       14.8.30.4

File size:
381.9 KB (391,064 bytes)

Product version:
21.9.0.1064

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
Toolbar.exe

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
English (United States)

Common path:
C:\Program Files\askpartnernetwork\toolbar\orj-spe\source\Program Files\askpartnernetwork\toolbar\toolbar.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/23/2014 2:00:00 AM

Valid to:
4/9/2015 2:59:59 AM

Subject:
CN=APN LLC, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F4E343161BC7EB67514D3DCEC434EA0

File PE Metadata
Compilation timestamp:
8/18/2014 8:17:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:YwJ2oa3uU1HPrJ9KtNFQMzLeaJrg+Q3xEXTBl+4b08uvQXM0:TNmPrJwt/QMzLZJLQ3xEXTDlfxx

Entry address:
0x20209

Entry point:
E8, 9E, 81, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, 0E, 44, 00, 89, 0D, 2C, 0E, 44, 00, 89, 15, 28, 0E, 44, 00, 89, 1D, 24, 0E, 44, 00, 89, 35, 20, 0E, 44, 00, 89, 3D, 1C, 0E, 44, 00, 66, 8C, 15, 48, 0E, 44, 00, 66, 8C, 0D, 3C, 0E, 44, 00, 66, 8C, 1D, 18, 0E, 44, 00, 66, 8C, 05, 14, 0E, 44, 00, 66, 8C, 25, 10, 0E, 44, 00, 66, 8C, 2D, 0C, 0E, 44, 00, 9C, 8F, 05, 40, 0E, 44, 00, 8B, 45, 00, A3, 34, 0E, 44, 00, 8B, 45, 04, A3, 38, 0E, 44, 00, 8D, 45, 08, A3, 44, 0E, 44...

Code size:
188.5 KB (193,024 bytes)

The executing file has been seen to make the following network communications in live environments.
