» dtuser.exe
Overview
Analysis
File Details
Programs (1)

dtuser.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application dtuser.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the Mozilla Firefox web browser as part of an addin/plugin. This file is typically installed with the program MyStart Toolbar by Visicom Media inc. which is a potentially unwanted software program.

File name:

dtuser.exe

Publisher:

Visicom Media Inc. (signed and verified)

Description:

DtUser

Version:

1, 0, 0, 98

MD5:

5e5c1daf517e3682d9bcd6e895a74556

SHA-1:

4bb14c47f1b88e810d63d46ab9766a988f2e1753

SHA-256:

99cd6f5a8bc368e9f2d1de83a3a12ecad3dd8937416e528385370bc7ceecb187

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/23/2024 5:01:30 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Visicom.VisicomMedia (M)

16.2.6.21

File size:

495.1 KB (506,944 bytes)

Product version:

1, 0, 0, 98

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\mozilla\firefox\profiles\{user}.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c}\dtuser.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte, Inc.

Valid from:

4/18/2012 9:00:00 AM

Valid to:

6/22/2014 8:59:59 AM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata

Compilation timestamp:

7/9/2013 10:37:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:boGdMpvLJ9sHH+ED2pG9mktc9jm5F7jTrwQE:boSMpvN6+kUktc9jYF3TrwQE

Entry address:

0x1CD4D

Entry point:

E8, 17, 86, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 8B, 07, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, FF, 86, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, D8, 93, 45, 00, E8, 7B, 86, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B8, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 52, 88, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, E8, A1, 87, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08... 
[+]

Code size:

304.5 KB (311,808 bytes)

The file dtuser.exe has been discovered within the following program.

MyStart Toolbar by Visicom Media inc.

MyStart Toolbar is a Visicom Media (VMN) toolbar that integrates with major web browsers including Google Chrome, Firefox and Internet Explorer.

apps.mystart.com

85% remove it

Remove dtuser.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.