panda_url_filteringb.exe

Panda Security URL Filtering

GreenSearchSecurity

The application panda_url_filteringb.exe by GreenSearchSecurity has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows service in its own process, named “panda_url_filtering Service”. This file is typically installed with the program Panda Security URL Filtering by Panda Security. While running, it connects to the Internet address visicom-101.nationalnet.com on port 80 using the HTTP protocol.
Publisher:
Panda Security  (signed by GreenSearchSecurity)

Product:
Panda Security URL Filtering

Version:
2, 0, 0, 0

MD5:
fe0c19d263f2c07bd79cc037b5ac3afb

SHA-1:
28a16219392b50bc50e721e932fbdeff791783dd

SHA-256:
2509babd2a66708536ccbed9d030e8323ebc2f108442cfc2bd8aa20eaf5f21c1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 1:53:15 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GreenSearchSecurity.Optional.Meta (L)

Engine version:
16.1.5.0

File size:
289.8 KB (296,760 bytes)

Product version:
2.0

Copyright:
Copyright (c) Panda Security

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\panda security url filtering\panda_url_filteringb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/6/2014 8:00:00 PM

Valid to:
5/7/2015 7:59:59 PM

Subject:
CN=GreenSearchSecurity, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GreenSearchSecurity, L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
308A16A974A713BAD17FDCAAAA27C1

File PE Metadata
Compilation timestamp:
8/5/2014 11:07:11 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:dSfv75Zqi2cBCUTmdrpHxVoeSQ0lRMwk5I:dSLzU5TVxVnKOwYI

Entry address:
0x1005C

Entry point:
48, 83, EC, 28, E8, 0B, B4, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, D8, 2B, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 97, B3, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 63, FF, FE, FF, 66, 39, 05, 5C, FF, FE, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 8B, FF, FE, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 

Entropy:
5.9589

Code size:
140 KB (143,360 bytes)

Service
Display name:
panda_url_filtering Service

Service name:
panda_url_filtering

Description:
Provides Anti-Phishing protection

Type:
Win32OwnProcess


The file panda_url_filteringb.exe has been discovered within the following program.

Panda Security URL Filtering  by Panda Security
The Panda Security Toolbar is a free optional toolbar that comes with Panda Cloud. The toolbar provides web filtering along with some features that may come in handy for users. The toolbar works on Internet Explorer and Firefox only.
60% remove it
 

The executing file has been seen to make the following network communications in live environments.

