home

ffHelper.exe

ffHelper Application

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ffHelper.exe, “Helper Application for IE” by Visicom Media has been detected as a potentially unwanted program by 5 anti-malware scanners.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ffHelper Application

Description:
Helper Application for IE

Version:
1, 0, 0, 13

MD5:
55dec7b86067d8e506299b0907c55272

SHA-1:
473b709c7173c4a427aaacf888f20b0391dfc50c

SHA-256:
17fe5394526954a92f01af9488b5590f539c856a53f3b4dae11276c570bffe8d

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:33:37 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Visicom
2017.0.2862

Boost by Reason
Optional.VisicomMedia
188838

Emsisoft Anti-Malware
Gen:Variant.Symmi.10233
8.16.01.16.05

Reason Heuristics
PUP.Visicom.VisicomMedia (M)
16.1.16.17

Trend Micro House Call
Suspicious_GEN.F47V0702
7.2.16

File size:
102.3 KB (104,712 bytes)

Product version:
1, 0, 0, 13

Copyright:
Copyright (c) 2013

Original file name:
ffHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mystarttb\ffhelper.exe

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Thawte, Inc.

Valid from:
5/7/2014 8:00:00 PM

Valid to:
6/20/2016 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata
Compilation timestamp:
11/20/2013 4:34:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:N0IIL3RaFLdMGdWqK6JtV9t4MQ+xC62fBhiY+:N0DL3RaFLyGdWoPlvC62f/+

Entry address:
0x38CE

Entry point:
E8, 88, 3A, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, 57, 41, 00, 89, 0D, 24, 57, 41, 00, 89, 15, 20, 57, 41, 00, 89, 1D, 1C, 57, 41, 00, 89, 35, 18, 57, 41, 00, 89, 3D, 14, 57, 41, 00, 66, 8C, 15, 40, 57, 41, 00, 66, 8C, 0D, 34, 57, 41, 00, 66, 8C, 1D, 10, 57, 41, 00, 66, 8C, 05, 0C, 57, 41, 00, 66, 8C, 25, 08, 57, 41, 00, 66, 8C, 2D, 04, 57, 41, 00, 9C, 8F, 05, 38, 57, 41, 00, 8B, 45, 00, A3, 2C, 57, 41, 00, 8B, 45, 04, A3, 30, 57, 41, 00, 8D, 45, 08, A3, 3C, 57, 41...
 
[+]

Entropy:
6.6866

Code size:
57.5 KB (58,880 bytes)

Remove ffHelper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.