» mystartDx64.dll
Overview
Analysis
File Details

mystartDx64.dll

MyStart Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module mystartDx64.dll, “MyStart Toolbar Link Library” by Visicom Media has been detected as a potentially unwanted program by 6 anti-malware scanners.

File name:

mystartDx64.dll

Publisher:

Visicom Media Inc. (signed and verified)

Product:

MyStart Toolbar

Description:

MyStart Toolbar Link Library

Version:

1, 0, 0, 22

MD5:

142a9593eb1f8227b2929c4517641636

SHA-1:

6609e688de4018e90041378986a4b5b9dd80f229

SHA-256:

1c6315e509978d215943fc8c10b9fa246391c29209c0a1a92a2a48c88c2478bf

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 4:46:57 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Trash.Gen

7.11.30.172

AVG

Generic

2017.0.2862

Bkav FE

W64.HfsAdware

1.3.0.6379

Emsisoft Anti-Malware

Android.Adware.Adwo

8.16.01.16.05

Reason Heuristics

PUP.Visicom.VisicomMedia.Toolbar (M)

16.1.16.17

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9382

File size:

124.3 KB (127,240 bytes)

Product version:

1.0.0.22

Original file name:

mystartDx64.dll

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\Program Files\mystarttb\mystartdx64.dll

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte, Inc.

Valid from:

5/7/2014 8:00:00 PM

Valid to:

6/20/2016 7:59:59 PM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

266F9E30991B0C3EFC03DA9B8CDDB68D

Registration

CLSID:

{ccb24e92-62c4-4c53-95d2-65f9eed476bc}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

9/11/2013 2:28:06 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:eaNADDYZaEDlSYTO9UEWTfwA6w8H5YeDbHAiJ7pAZn:eaNADDYZaEDlu9UEvA6w8Hme3HrJmx

Entry address:

0x7BD4

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, EF, 5F, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 54, 48, 83, EC, 20, 4D, 8B, 51, 38, 48, 8B, F2, 4D, 8B, E0, 41, 8B, 02, 48, 8B, E9, 49, 8B, D1, 48, 03, C0, 48, 8B, CE, 49, 8B, F9, 49, 8D, 5C, C2, 04, 4C, 8B, C3, E8, A2, FB... 
[+]

Entropy:

6.2583

Code size:

81.5 KB (83,456 bytes)

Remove mystartDx64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.