adawarebp.exe

Ad-Aware Browsing Protection

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application adawarebp.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address toolbar.lavasoft.com on port 80 using the HTTP protocol.
Publisher:
Lavasoft (signed by Visicom Media Inc.)

Product:
Ad-Aware Browsing Protection

Version:
1, 0, 1, 31

MD5:
5d51ab9f8c41a99d47d353b48e4291dd

SHA-1:
2d07495701b16dc14fc6b70f02b2f4f262af46d2

SHA-256:
de7930615f5183cb0f77a83deca64d88ce9e3c9ada9f1cef6ee32dcf41df2204

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/25/2024 5:24:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AdAwareBrowsingProtection.VisicomMedia.J

Engine version:
14.8.7.19

File size:
192.7 KB (197,288 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2010 Lavasoft

File type:
Executable application (Win64 EXE)

Common path:
C:\ProgramData\ad-aware browsing protection\adawarebp.exe

Digital Signature
Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:YT/xWHc6ctpSFjrgZWcFOCprhFqYDWxf0J5nRKSX6D1G5:0/xaMIrQWc0C1hNhTZP

Entry point:
E8, AF, 73, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to toolbar.lavasoft.com (70.38.8.231:80)
