» dlsecuretb_1.0.1.5.exe
Overview
Analysis
File Details
Downloads (1)

dlsecuretb_1.0.1.5.exe

DLSecure Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application dlsecuretb_1.0.1.5.exe, “DLSecure Toolbar Installer” has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.idownloadplay.com.

File name:

Publisher:

Visicom Media Inc.

Product:

DLSecure Toolbar

Description:

DLSecure Toolbar Installer

Version:

1.0

MD5:

00a70059e1ad3c9d471b6ec78d6890fc

SHA-1:

4d7452e6fd150fd64468bc3b15092e5163520d76

SHA-256:

35f0c7fc71cf63270f43e92d369309dd0260eb72372177bcb4856a521864725f

Scanner detections:

11 / 68

Status:

Adware

Explanation:

The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:

4/26/2024 8:19:06 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

PUA.Win32.Visicom

4.0.3.15328

Dr.Web

Adware.Shopper.489

9.0.1.087

ESET NOD32

Win32/Toolbar.Visicom.A potentially unwanted (variant)

9.11144

Fortinet FortiGate

Riskware/Visicom

3/28/2015

herdProtect (fuzzy)

variant of Не подтверждено 37034.~ (Adware)

2015.7.2.19

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

14.0.0.2279

Malwarebytes

PUP.Optional.DLSecure.A

v2015.03.28.04

McAfee

Artemis!00A70059E1AD

5600.6813

NANO AntiVirus

Riskware.Nsis.Adware.dmihbl

0.30.0.65070

Reason Heuristics

PUP.Installer.Visicom

15.3.28.5

Trend Micro House Call

Suspicious_GEN.F47V0201

7.2.87

File size:

4 MB (4,194,840 bytes)

Product version:

1.0.1.5

Trademarks:

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\dlsecuretb_1.0.1.5.exe

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:cg6nAj3FWRYOca/CTXfvVwrB4zRPfFtS66QdIxgBc:cnUWRYeovtPfHSnQdIx9

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file dlsecuretb_1.0.1.5.exe has been seen being distributed by the following URL.

http://www.idownloadplay.com/.../dlsecureTb_1.0.1.5.exe

Remove dlsecuretb_1.0.1.5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.