comcastantispyservice.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application comcastantispyservice.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Comcast AntiSpyware”.

Publisher:
Visicom Media Inc.  (signed and verified)

Version:
1.0.0.51

MD5:
f9dac844b1d370da4c984d4c22f5e696

SHA-1:
ff3f15068272014d73ccf8004289c0aa0a0bc653

SHA-256:
753b08e4d4cc09c91c16394f6a420e6da033d41fde510a41f900c1ced0e6b946

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2018 2:16:09 AM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.Service.VisicomMedia.V | 188838
Reason Heuristics | PUP.Service.VisicomMedia.V | 14.8.7.19

File size:
602 KB (616,408 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\Program Files\comcasttb\comcastspywarescan\comcastantispyservice.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/27/2008 8:00:00 PM

Valid to:
6/22/2010 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
70DEF7A1CF826EC0B9F2257933EA429B

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:+miJMUAxTAA5K33DdAr4M0aQmhmvURFI3HHACYjp0EGHNQ+XhPbnNVaX:+maMjWA5K33DK8M0fUfdjpP+XvVaX

Entry address:
0x838B0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, A8, 23, 48, 00, E8, 0F, 3C, F8, FF, A1, 64, 5E, 48, 00, 8B, 00, 80, 78, 30, 00, 74, 10, A1, 64, 5E, 48, 00, 8B, 00, E8, 42, FC, FD, FF, 84, C0, 74, 0C, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 34, A1, 64, 5E, 48, 00, 8B, 00, 83, C0, 3C, BA, 30, 39, 48, 00, E8, AA, 19, F8, FF, 8B, 0D, 04, 5E, 48, 00, A1, 64, 5E, 48, 00, 8B, 00, 8B, 15, 7C, 20, 48, 00, 8B, 18, FF, 53, 30, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, 64, 17, F8, FF, FF, FF, FF, FF, 13, 00, 00, 00...

Entropy:
6.6315

Developed / compiled with:
Microsoft Visual C++

Code size:
520.5 KB (532,992 bytes)

Service
Display name:
Comcast AntiSpyware

Service name:
AntiSpywareService

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

