toolbarsetup.exe

Ask Toolbar

Ask.com

This installer is part of the Ask.com (APN) network which will install the Ask.com branded toolbar or browser extension which will take control of the web browser's search functions. The application toolbarsetup.exe, “Wrapper Application” by Ask.com has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the APN Stub installer. This version of the installer will bundle the Ask.com Toolbar, a potentially unwanted web browser extension.
Publisher:
Ask  (signed by Ask.com)

Product:
Ask Toolbar

Description:
Wrapper Application

Version:
1.11.0.0

MD5:
ec46331787018af9efce60195148eca4

SHA-1:
6d2ee33a59da71c9e721544e44c854893d90c5fd

SHA-256:
d8d823c68c5b3155b4663da4a808a3a9ac3c3a55073b90ebb01eef3c89c5a77d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Bundles that Ask.com toolbar as a third-party offer, a web browser extension that may modify a user's search and home pages.

Analysis date:
11/27/2024 6:47:09 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Bundled.Toolbar.Ask (variant)
8.9437

Reason Heuristics
PUP.Installer.Ask.M
14.8.8.2

File size:
3.2 MB (3,311,496 bytes)

Product version:
1.11.0.0

Copyright:
Copyright (C) 2010 Ask.com.

Original file name:
wrapper.exe

File type:
Executable application (Win32 EXE)

Installer:
APN Stub

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/17/2008 5:30:00 AM

Valid to:
6/18/2011 5:29:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
286F8A30E2EAC6965B936F826A05305D

File PE Metadata
Compilation timestamp:
1/3/2011 8:46:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:Wyc/zovfjDYKEgZp6TDPWWd5yTT37qklKfT:Wyc/zMfjCiMHPWSEqkEL

Entry address:
0x1C2CE

Entry point:
E8, 8F, B0, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, B4, 49, 44, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, 58, B1, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 54, C4, 41, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04...
 
[+]

Entropy:
7.6221

Code size:
200 KB (204,800 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 74.113.233.61.df.iaccap.com  (74.113.233.61:80)

TCP (HTTP):
Connects to 199.36.102.106.df.iacapn.com  (199.36.102.106:80)

TCP (HTTP):
Connects to 199.36.100.106.df.iacapn.com  (199.36.100.106:80)

Remove toolbarsetup.exe - Powered by Reason Core Security