Updater.exe

Updater

Ask.com

This is a component of the Ask.com toolbar, a browser extension that will modify the default web browser's search provider, home page and various other settings. The application Updater.exe by Ask.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ApnUpdater’.
Publisher:
Ask  (signed by Ask.com)

Product:
Updater

Description:
Ask Updater

Version:
1.2.6.44892

MD5:
96510adf83a0515bf70ddf4c4d3935f1

SHA-1:
7e11227303f2f49bf708821ad274bac5871e4f46

SHA-256:
e3eb61b4af5504dfaae5dcbe432ed6ca8ea142500807150a5a3cdc12b5a154a0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/23/2024 11:52:19 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Ask (M)
17.3.13.14

File size:
1.6 MB (1,726,543 bytes)

Product version:
1.2.6.44892

Copyright:
(c) Ask. All rights reserved.

Original file name:
Updater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ask.com\updater\updater.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/20/2011 5:00:00 AM

Valid to:
6/19/2014 4:59:59 AM

Subject:
CN=Ask.com, OU=Distribution, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ask.com, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0965F2AC7236C7E1BDCA44ED139B273A

File PE Metadata
Compilation timestamp:
4/26/2013 4:22:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xAEF01

Entry point:
E9, D5, 24, FD, FF, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, C0, C7, 4F, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, C0, 82, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 84, F0, 4A, 00, 90, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83...
 
[+]

Entropy:
6.2458

Packer / compiler:
Xtreme-Protector v1.05

Code size:
816 KB (835,584 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ApnUpdater

Command:
"C:\Program Files\ask.com\updater\updater.exe"


Remove Updater.exe - Powered by Reason Core Security