home

dlsecuretb_1.0.4.1.exe

DLSecure Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application dlsecuretb_1.0.4.1.exe, “DLSecure Toolbar Installer” has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.usearchmedia.com.
Publisher:
Visicom Media Inc.

Product:
DLSecure Toolbar

Description:
DLSecure Toolbar Installer

Version:
1.0

MD5:
950d568c236b1375583a2fad69c4d0b4

SHA-1:
6e057e71e6291bee46ec7710a2cecbe67b914ec7

SHA-256:
dedcbf922bc622d7bd97a6e3b86119e927027c8424900293a74ef8556c6050ba

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
4/26/2024 10:23:37 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
PUP-gen [PUP]
150319-1

AVG
Generic
2016.0.3131

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/Toolbar.Visicom.A potentially unwanted (variant)
9.11517

Fortinet FortiGate
Riskware/Agent
4/22/2015

IKARUS anti.virus
not-a-virus:WebToolbar.MyStartTB
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.203.15680

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.DLSecure.A
v2015.04.22.08

McAfee
Trojan.Artemis!B1227836FFC1
16.8.708.2

NANO AntiVirus
Riskware.Win32.InstallToolbar.dpqueo
0.30.20.1219

Reason Heuristics
Threat.Installer.Visicom
15.4.22.16

Sophos
Generic PUA CG
4.98

Trend Micro House Call
TROJ_GE.1F9030B0
7.2.112

Trend Micro
TROJ_GE.1F9030B0
10.465.22

Zillya! Antivirus
Adware.Agent.Win32.45284
2.0.0.2148

File size:
4.1 MB (4,325,376 bytes)

Product version:
1.0.4.1

Copyright:
© Visicom Media Inc.

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dlsecuretb_1.0.4.1.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:cs7Flkdcf22JsopFf5DbVIBQF5pPrJR1FCjA91leSFQ2l1a4j1:5rkdsxJN35fJrcSK2l13j1

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dlsecuretb_1.0.4.1.exe has been seen being distributed by the following URL.

http://www.usearchmedia.com/.../dlsecureTb_1.0.4.1.exe

Remove dlsecuretb_1.0.4.1.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.