allmywebtoolbar.exe

ScenicReflections Toolbar

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application allmywebtoolbar.exe, “ScenicReflections Toolbar Installer” by Visicom Media, has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.allmyweb.com.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ScenicReflections Toolbar

Description:
ScenicReflections Toolbar Installer

Version:
2.0

MD5:
ec2eb16431a46b1129976d0a75117f25

SHA-1:
95171b5109701e90a5f7a07417a8b9931ae30042

SHA-256:
0645e670aac0b8d3143bb55d04794b97f600463a5ba743ea7d99f9f48e243cf7

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 10:04:40 PM UTC

Scan engine             Detection                         Engine version
Boost by Reason         Adware.Installer.VisicomMedia.15  2013.7.17.17
Reason Heuristics       PUP.Installer.VisicomMedia.P      14.10.1.11
Trend Micro House Call  TROJ_DLOADER.BMC                  7.2.198
Trend Micro             TROJ_DLOADER.BMC                  10.465.17

File size:
2 MB (2,059,216 bytes)

Product version:
2.0.0.1

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\allmywebtoolbar.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/23/2010 8:00:00 PM

Valid to:
6/21/2012 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:1Pdn+jvOebLM9MxyYBwkgaC5Bu7XCTJi5mSxAfzUU:1lsOeHM9KyYah5xJ8zQ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9908  (probably packed)

Code size:
23 KB (23,552 bytes)

The file allmywebtoolbar.exe has been seen being distributed by the following URL.
