aceftp3free.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application aceftp3free.exe by Visicom Media has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Visicom Media Inc.  (signed and verified)

MD5:
56dab72fa27744800b1e659a1a19134d

SHA-1:
590b49b74fac99db19ae7c9d3dd65ae805603a89

SHA-256:
fbdde92a7653e5e55414a7c649b7ac6b8fe42e9aff75243e1dabd86050a916f6

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:12:43 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.MegaSearch | 7.1.1 |
| Avira AntiVirus | DR/MegaSearch.N.25 | 7.11.137.70 |
| Comodo Security | ApplicUnwnt.Win32.Adware.MegaSearch.n | 17934 |
| McAfee | Artemis!56DAB72FA277 | 5600.7134 |
| Norman | Suspicious_Gen2.WXVF | 11.20140511 |
| Panda Antivirus | Adware/Naupoint | 14.05.11.08 |
| Quick Heal | AdWare.MegaSearch.n.n8 (Not a Virus) | 5.14.12.00 |
| Reason Heuristics | PUP.VisicomMedia.L | 14.8.7.19 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |

File size:
5.1 MB (5,332,160 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\aceftp3free.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/20/2007 4:00:00 AM

Valid to:
6/23/2008 3:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
53647B50983ED1EB11C279CB398C2CA4

File PE Metadata
Compilation timestamp:
4/27/2007 11:59:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:/D68Ej8FzT7VtTZzjN488mof+gJtQL1KzPKBrXa3/i++BAyWguh3ei:bsQFr5Nk+OQLgDCrXwn+vuh3ei

Entry address:
0x3161

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 53, FF, 15, 78, 72, 40, 00, A3, B4, 3F, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, C8, F4, 41, 00, FF, 15, 54, 71, 40, 00, 68, C8, 91, 40, 00, 68, 00, 37, 42, 00, E8, 82, 27, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 70, 27, 00, 00, 53, FF, 15, 08, 71, 40, 00, 80, 3D, 00, 90, 42, 00, 22, A3, 00, 3F, 42, 00, 8B, C7, 75, 0A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22 KB (22,528 bytes)
