home

ffHelper.exe

ffHelper Application

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ffHelper.exe, “Helper Application for IE” by Visicom Media has been detected as a potentially unwanted program by 4 anti-malware scanners.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ffHelper Application

Description:
Helper Application for IE

Version:
1, 0, 0, 13

MD5:
f3dcaeccaeb6a2a823d01f3836fa83d6

SHA-1:
45f605ae7f38561860801f08306fa60f94f4fb48

SHA-256:
a9a005d0513fb3739f48f5c02575a20ea991c82ee57d3a1edd0c54f3e8d3bd52

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:33:00 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Visicom
2015.0.3311

Emsisoft Anti-Malware
Gen:Variant.Symmi.10233
8.14.10.25.10

Reason Heuristics
PUP.HelperApplicationforIE.VisicomMedia.I
14.10.25.10

Trend Micro House Call
Suspicious_GEN.F47V0702
7.2.298

File size:
102.3 KB (104,712 bytes)

Product version:
1, 0, 0, 13

Copyright:
Copyright (c) 2013

Original file name:
ffHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bttb\ffhelper.exe

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Thawte, Inc.

Valid from:
5/8/2014 1:00:00 AM

Valid to:
6/21/2016 12:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata
Compilation timestamp:
11/20/2013 9:34:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:G0IIL3RaFLdMGdWqK6JtV9t4MQ+xC62fBhiYd:G0DL3RaFLyGdWoPlvC62f/d

Entry address:
0x38CE

Entry point:
E8, 88, 3A, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, 57, 41, 00, 89, 0D, 24, 57, 41, 00, 89, 15, 20, 57, 41, 00, 89, 1D, 1C, 57, 41, 00, 89, 35, 18, 57, 41, 00, 89, 3D, 14, 57, 41, 00, 66, 8C, 15, 40, 57, 41, 00, 66, 8C, 0D, 34, 57, 41, 00, 66, 8C, 1D, 10, 57, 41, 00, 66, 8C, 05, 0C, 57, 41, 00, 66, 8C, 25, 08, 57, 41, 00, 66, 8C, 2D, 04, 57, 41, 00, 9C, 8F, 05, 38, 57, 41, 00, 8B, 45, 00, A3, 2C, 57, 41, 00, 8B, 45, 04, A3, 30, 57, 41, 00, 8D, 45, 08, A3, 3C, 57, 41...
 
[+]

Entropy:
6.6867

Code size:
57.5 KB (58,880 bytes)

Remove ffHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.