file2linkx.dll

dtx Dynamic Link Library

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module file2linkx.dll, “dtx Dynamic Link Library” by Visicom Media, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Findamo’.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
dtx Dynamic Link Library

Description:
dtx Dynamic Link Library

Version:
1, 0, 0, 20

MD5:
ba2565396c7db1a36ec8147c0a37facf

SHA-1:
ac6fc78e14e940e1489cf56499500c95bf74400e

SHA-256:
f68064697a4910b5d0fed4243a88ab9b490320f31d8273c946859c84a2561710

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/18/2024 10:40:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomMedia (M)

Engine version:
16.2.12.10

File size:
83.3 KB (85,288 bytes)

Product version:
1, 0, 0, 20

Copyright:
Copyright 2010 Visicom Media Inc.

Original file name:
dtx.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\findamo\file2linkx.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/24/2010 2:00:00 AM

Valid to:
6/22/2012 1:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
7/15/2010 5:21:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:gNznD/GJR0M0DV0X9Umxe2OG8pixJkGCl6klluPPw53DnUg:gdnDVM0I962Ol6klluPPGDnV

Entry address:
0x4C36

Entry point:
6A, 0C, 68, C0, D5, 00, 10, E8, 6A, 05, 00, 00, 33, C0, 40, 89, 45, E4, 8B, 75, 0C, 33, FF, 3B, F7, 75, 0C, 39, 3D, 98, 0F, 01, 10, 0F, 84, B3, 00, 00, 00, 89, 7D, FC, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, CC, 27, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 22, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, F9, DB, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
48 KB (49,152 bytes)

Internet Explorer BHO
CLSID:
{c74d3b42-aaba-4d02-8135-aab14c420e4b}

CLSID name:
Findamo

