blekkotb_019x.dll

dtx Dynamic Link Library

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module blekkotb_019x.dll ("dtx Dynamic Link Library") by Visicom Media has been detected as a potentially unwanted program by 4 anti-malware scanners. It is installed within the Mozilla Firefox web browser as part of an add-in/plugin.

Publisher:
Visicom Media Inc. (signed and verified)

Product:
dtx Dynamic Link Library

Description:
dtx Dynamic Link Library

Version:
1, 0, 0, 20

MD5:
4f39569f553c17715ddae90488d5583a

SHA-1:
f2fb215fc349edaa1173a985221ebc9fd30ee2c4

SHA-256:
63c373643b74fbe5697719dc8511e7e70cdd23af93eaee9a3f53a90b28f68d72

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:23:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.Visicom | 4.0.3.1623 |
| Boost by Reason | Optional.VisicomMedia | 188838 |
| ESET NOD32 | Win32/Toolbar.Visicom.B potentially unwanted application | 10.7.0.302.0 |
| Reason Heuristics | PUP.Visicom.VisicomMedia (M) | 16.2.3.1 |

File size:
86.8 KB (88,856 bytes)

Product version:
1, 0, 0, 20

Copyright:
Copyright 2010 Visicom Media Inc.

Original file name:
dtx.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\blekkotb_019x.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 4:00:00 AM

Valid to:
6/22/2014 3:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
7/15/2010 7:21:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:SNznD/GJR0M0DV0X9Umxe2OG8pixJkGCl6klluPHw53tEt:SdnDVM0I962Ol6klluPHGSt

Entry address:
0x4C36

Entry point:
6A, 0C, 68, C0, D5, 00, 10, E8, 6A, 05, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 98, 0F, 01, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, CC, 27, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, F9, DB, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Entropy:
6.0424

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
48 KB (49,152 bytes)
