» comcastantispyservice.exe
Overview
Analysis
File Details
Behaviors (1)
Network (20)

comcastantispyservice.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application comcastantispyservice.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Comcast AntiSpyware”.

File name:

Publisher:

Visicom Media Inc. (signed and verified)

Version:

1.0.0.51

MD5:

f9dac844b1d370da4c984d4c22f5e696

SHA-1:

ff3f15068272014d73ccf8004289c0aa0a0bc653

SHA-256:

753b08e4d4cc09c91c16394f6a420e6da033d41fde510a41f900c1ced0e6b946

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 9:12:54 PM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.Service.VisicomMedia.V

188838

Reason Heuristics

PUP.Service.VisicomMedia.V

14.8.7.19

File size:

602 KB (616,408 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (Canada)

Common path:

C:\Program Files\comcasttb\comcastspywarescan\comcastantispyservice.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/27/2008 8:00:00 PM

Valid to:

6/22/2010 7:59:59 PM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

70DEF7A1CF826EC0B9F2257933EA429B

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:+miJMUAxTAA5K33DdAr4M0aQmhmvURFI3HHACYjp0EGHNQ+XhPbnNVaX:+maMjWA5K33DK8M0fUfdjpP+XvVaX

Entry address:

0x838B0

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, A8, 23, 48, 00, E8, 0F, 3C, F8, FF, A1, 64, 5E, 48, 00, 8B, 00, 80, 78, 30, 00, 74, 10, A1, 64, 5E, 48, 00, 8B, 00, E8, 42, FC, FD, FF, 84, C0, 74, 0C, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 34, A1, 64, 5E, 48, 00, 8B, 00, 83, C0, 3C, BA, 30, 39, 48, 00, E8, AA, 19, F8, FF, 8B, 0D, 04, 5E, 48, 00, A1, 64, 5E, 48, 00, 8B, 00, 8B, 15, 7C, 20, 48, 00, 8B, 18, FF, 53, 30, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, 64, 17, F8, FF, FF, FF, FF, FF, 13, 00, 00, 00... 
[+]

Entropy:

6.6315

Developed / compiled with:

Microsoft Visual C++

Code size:

520.5 KB (532,992 bytes)

Service

Display name:

Comcast AntiSpyware

Service name:

AntiSpywareService

Type:

Win32OwnProcess

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a184-86-240-203.deploy.static.akamaitechnologies.com (184.86.240.203:80)

TCP (HTTP):

Connects to a23-62-227-8.deploy.static.akamaitechnologies.com (23.62.227.8:80)

TCP (HTTP):

Connects to a23-202-102-75.deploy.static.akamaitechnologies.com (23.202.102.75:80)

TCP (HTTP):

Connects to a23-38-176-98.deploy.static.akamaitechnologies.com (23.38.176.98:80)

TCP (HTTP):

Connects to a23-197-50-50.deploy.static.akamaitechnologies.com (23.197.50.50:80)

TCP (HTTP):

Connects to a104-87-147-235.deploy.static.akamaitechnologies.com (104.87.147.235:80)

TCP (HTTP):

Connects to s128m.ddc.akamai.com (72.246.196.128:80)

TCP (HTTP):

Connects to a23-78-198-75.deploy.static.akamaitechnologies.com (23.78.198.75:80)

TCP (HTTP):

Connects to a23-74-2-81.deploy.static.akamaitechnologies.com (23.74.2.81:80)

TCP (HTTP):

Connects to a23-62-227-48.deploy.static.akamaitechnologies.com (23.62.227.48:80)

TCP (HTTP):

Connects to a23-219-161-58.deploy.static.akamaitechnologies.com (23.219.161.58:80)

TCP (HTTP):

Connects to a23-211-124-27.deploy.static.akamaitechnologies.com (23.211.124.27:80)

TCP (HTTP):

Connects to a23-211-124-153.deploy.static.akamaitechnologies.com (23.211.124.153:80)

TCP (HTTP):

Connects to a23-211-124-105.deploy.static.akamaitechnologies.com (23.211.124.105:80)

TCP (HTTP):

Connects to a23-192-30-46.deploy.static.akamaitechnologies.com (23.192.30.46:80)

TCP (HTTP):

Connects to a184-28-3-104.deploy.static.akamaitechnologies.com (184.28.3.104:80)

TCP (HTTP):

Connects to a118-214.160-200.deploy.akamaitechnologies.com (118.214.160.200:80)

TCP (HTTP):

Connects to a104-97-14-232.deploy.static.akamaitechnologies.com (104.97.14.232:80)

TCP (HTTP):

Connects to a104-97-14-145.deploy.static.akamaitechnologies.com (104.97.14.145:80)

TCP (HTTP):

Connects to a104-88-51-15.deploy.static.akamaitechnologies.com (104.88.51.15:80)

Remove comcastantispyservice.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.