Win32/Bundled.Toolbar.Ask.D potentially unsafe (file analysis)

The Win32/Bundled.Toolbar.Ask.D potentially unsafe is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32/Bundled.Toolbar.Ask.D potentially unsafe virus can do?

Sample contains Overlay data
Reads data out of its own binary image
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Win32/Bundled.Toolbar.Ask.D potentially unsafe?


File Info:
name: BEC076DDCFB6BE46FF00.mlw
path: /opt/CAPEv2/storage/binaries/bde0eb5e5b2dc22f02bbfe5126e579ae2b89aac7f0520c01f0021d6af5af95ef
crc32: 66F6F504
md5: bec076ddcfb6be46ff0082c6121d2bb9
sha1: 3b86fc4f7b6e25025ff943724024279f68998a1c
sha256: bde0eb5e5b2dc22f02bbfe5126e579ae2b89aac7f0520c01f0021d6af5af95ef
sha512: f7389cd25a67e980147daab012228372c020b37ba797cd99ab4fe29376c43bc5f93dc6212fb7a85e2b85ec4b04dc0c0db4c1d4a33649de33e7203f5857ed5b5d
ssdeep: 98304:wwNoOKTzu+VTvs+R/AMACqho8miCg+7lj6UGHxqei44e4hwSh:wxOEzdVTvs+/AB2NzpjaHxvi44Rhrh
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T14B363385E79C45B8F2E2E934798675541723EC2BBA208D862392FF1F1C3B55E2D7C902
sha3_384: 17fb6f512a967cd138f686f99a7288e3eae224dfc4e643593ec51e576883ee9b8fc6261fdea7d1eb1cd20ba02345f54d
ep_bytes: 81ecd4020000535556576a2033ed5e89
timestamp: 2011-09-05 14:16:19

Version Info:
CompanyName: AVM Software Inc.
FileDescription: Paltalk Messenger Setup
FileVersion: 11,4,562,15996
LegalCopyright: Copyright 1999 - 2014
OriginalFilename: paltalk_messenger_setup.exe
ProductName: Paltalk Messenger Setup
ProductVersion: 11,4,562,15996
Translation: 0x0409 0x04b0

Win32/Bundled.Toolbar.Ask.D potentially unsafe also known as:

Lionic	Riskware.Win32.Asparnet.1!c
Skyhigh	BehavesLike.Win32.Dropper.rc
Cylance	unsafe
Sangfor	PUP.Win32.Ask.Vta5
K7AntiVirus	Unwanted-Program ( 004bd61f1 )
K7GW	Unwanted-Program ( 004bd61f1 )
Symantec	PUA.Gen.2
ESET-NOD32	a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe
Cynet	Malicious (score: 100)
Kaspersky	not-a-virus:UDS:WebToolbar.Win32.Asparnet
Avast	Win32:Malware-gen
Sophos	Generic ML PUA (PUA)
Emsisoft	Application.Toolbar (A)
Antiy-AVL	GrayWare[Toolbar]/Win32.Ask
Microsoft	PUA:Win32/Presenoker
ZoneAlarm	not-a-virus:HEUR:WebToolbar.Win32.Asparnet.gen
McAfee	Artemis!BEC076DDCFB6
VBA32	SigAdware.Ask.com
Malwarebytes	Generic.Malware/Suspicious
Yandex	PUA.Toolbar.Asparnet!wxNU/MnceEg
Ikarus	PUA.Bundled.Toolbar
Fortinet	Adware/Ask
AVG	Win32:Malware-gen
DeepInstinct	MALICIOUS
CrowdStrike	win/grayware_confidence_100% (D)

How to remove Win32/Bundled.Toolbar.Ask.D potentially unsafe?

Win32/Bundled.Toolbar.Ask.D potentially unsafe removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X