home

Toolbar.exe

Toolbar Core

APN LLC

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application Toolbar.exe by APN has been detected as a potentially unwanted program by 12 anti-malware scanners.
Publisher:
APN LLC.  (signed by APN LLC)

Product:
Toolbar Core

Version:
21.10.1.2128

MD5:
eba2b411ba32362652abda0810525afa

SHA-1:
d22927fa905d23e99e73861acdbeb03b1fc10610

SHA-256:
88a6eb3e7353007b73bb59d350566fafd7c88314e10e4447f062dc7ca121714f

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:23:31 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win32/Kashu.E
2014.07.24

avast!
Win32:Kukacka
2014.9-141028

Baidu Antivirus
PUA.Win32.AskToolbar
4.0.3.141028

F-Prot
W32/Virut.AI!Generic
v6.4.6.5.141

K7 AntiVirus
Virus
13.181.12819

Microsoft Security Essentials
Threat.Undefined
1.179.842.0

Qihoo 360 Security
Malware.QVM19.Gen
1.0.0.1015

Reason Heuristics
PUP.Toolbar.APN.H
14.10.28.19

Rising Antivirus
PE:Win32.KUKU.kt!1591113
23.00.65.141026

Trend Micro House Call
PE_SALITY.RL
7.2.301

Trend Micro
PE_SALITY.RL
10.465.28

VIPRE Antivirus
Threat.4721115
31208

File size:
381.9 KB (391,064 bytes)

Product version:
21.10.1.2128

Copyright:
(c) APN LLC. All rights reserved.

Original file name:
Toolbar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\askpartnernetwork\toolbar\toolbar.exe

Digital Signature
Signed by:
APN LLC

Authority:
VeriSign, Inc.

Valid from:
1/22/2014 7:00:00 PM

Valid to:
4/8/2015 7:59:59 PM

Subject:
CN=APN LLC, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=APN LLC, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F4E343161BC7EB67514D3DCEC434EA0

File PE Metadata
Compilation timestamp:
10/22/2014 3:11:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:MwJ2oa3uU1HPrJ9KtNFQMzLeaJrg+Q3xEmTBlN4b0euvQXh3:fNmPrJwt/QMzLZJLQ3xEmTDSVxd

Entry address:
0x20209

Entry point:
E8, 9E, 81, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, 0E, 44, 00, 89, 0D, 2C, 0E, 44, 00, 89, 15, 28, 0E, 44, 00, 89, 1D, 24, 0E, 44, 00, 89, 35, 20, 0E, 44, 00, 89, 3D, 1C, 0E, 44, 00, 66, 8C, 15, 48, 0E, 44, 00, 66, 8C, 0D, 3C, 0E, 44, 00, 66, 8C, 1D, 18, 0E, 44, 00, 66, 8C, 05, 14, 0E, 44, 00, 66, 8C, 25, 10, 0E, 44, 00, 66, 8C, 2D, 0C, 0E, 44, 00, 9C, 8F, 05, 40, 0E, 44, 00, 8B, 45, 00, A3, 34, 0E, 44, 00, 8B, 45, 04, A3, 38, 0E, 44, 00, 8D, 45, 08, A3, 44, 0E, 44...
 
[+]

Entropy:
5.7861

Code size:
188.5 KB (193,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-207-174-178.deploy.static.akamaitechnologies.com  (23.207.174.178:80)

TCP (HTTP):
Connects to a23-192-14-47.deploy.static.akamaitechnologies.com  (23.192.14.47:80)

TCP (HTTP):
Connects to a104-97-96-224.deploy.static.akamaitechnologies.com  (104.97.96.224:80)

TCP (HTTP):
Connects to a104-97-23-222.deploy.static.akamaitechnologies.com  (104.97.23.222:80)

TCP (HTTP):
Connects to a104-96-186-50.deploy.static.akamaitechnologies.com  (104.96.186.50:80)

TCP (HTTP SSL):
Connects to a104-125-31-130.deploy.static.akamaitechnologies.com  (104.125.31.130:443)

TCP (HTTP):
Connects to a173-222-148-17.deploy.static.akamaitechnologies.com  (173.222.148.17:80)

TCP (HTTP):
Connects to a23-15-249-61.deploy.static.akamaitechnologies.com  (23.15.249.61:80)

TCP (HTTP):
Connects to a184-27-23-218.deploy.static.akamaitechnologies.com  (184.27.23.218:80)

TCP (HTTP):
Connects to a104-124-127-137.deploy.static.akamaitechnologies.com  (104.124.127.137:80)

TCP (HTTP):
Connects to a23-9-183-35.deploy.static.akamaitechnologies.com  (23.9.183.35:80)

TCP (HTTP):
Connects to a23-74-108-201.deploy.static.akamaitechnologies.com  (23.74.108.201:80)

TCP (HTTP):
Connects to a23-67-11-141.deploy.static.akamaitechnologies.com  (23.67.11.141:80)

TCP (HTTP):
Connects to a23-40-182-58.deploy.static.akamaitechnologies.com  (23.40.182.58:80)

TCP (HTTP):
Connects to a23-32-43-53.deploy.static.akamaitechnologies.com  (23.32.43.53:80)

TCP (HTTP):
Connects to a23-219-109-165.deploy.static.akamaitechnologies.com  (23.219.109.165:80)

TCP (HTTP):
Connects to a23-211-100-158.deploy.static.akamaitechnologies.com  (23.211.100.158:80)

TCP (HTTP):
Connects to a173-222-148-18.deploy.static.akamaitechnologies.com  (173.222.148.18:80)

TCP (HTTP):
Connects to a104-82-239-197.deploy.static.akamaitechnologies.com  (104.82.239.197:80)

TCP (HTTP):
Connects to a104-105-53-160.deploy.static.akamaitechnologies.com  (104.105.53.160:80)

Remove Toolbar.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.