panda_url_filteringd.sys

Anti-phishing Domain Advisor

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file panda_url_filteringd.sys, “Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)” by Visicom Media, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel-mode device driver named “panda_url_filteringd driver”. This file is typically installed with the program Panda Security URL Filtering by Panda Security.

Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Anti-phishing Domain Advisor

Description:
Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
2, 0, 0, 0

MD5:
6925454e20b184e482cd65f297d51db5

SHA-1:
a6ac99794c066b5a175d9f54c840d4c11f2fc549

SHA-256:
9386542e9b20c370fcb275c7f8005dad45c86bbc2f7b8db3552fa49b474c5eed

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 1:11:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.VisicomMedia.X

Engine version:
14.10.1.11

File size:
50.1 KB (51,288 bytes)

Product version:
2.0

Copyright:
Copyright (C) 2013 Visicom Media Inc.

File type:
Driver (Win64 SYS)

Common path:
C:\ProgramData\panda security url filtering\panda_url_filteringd.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/8/2013 11:44:29 PM

Valid to:
11/9/2014 11:44:29 PM

Subject:
E=sysadmin@vmn.net, CN=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211539982821E53DCB554103CE4CFB4C45

File PE Metadata
Compilation timestamp:
3/20/2014 5:23:04 AM

OS version:
6.2

OS bitness:
Win64

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:2h3ga0g0Vc/38PoPBl1Q8tCqqC6A1xcyNCiFYX8Jby+ClVFo24rmsgQPrIzP:2VN56o5lTZ6AN3FolVFofP4P

Entry address:
0xC070

Entry point:
48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 83, FF, FF, FF, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 6E, 4F, FF, FF, CC, CC, 80, C2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8C, C6, 00, 00, 90, 91, 00, 00, 40, C1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, CA, 00, 00, 50, 90, 00, 00, F0, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, CB, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.2754

Code size:
35 KB (35,840 bytes)

Driver
Display name:
panda_url_filteringd driver

Service name:
panda_url_filteringd

Type:
Kernel device driver (KernelDriver)


The file panda_url_filteringd.sys has been discovered within the following programs.

Panda Security URL Filtering  by Panda Security
The Panda Security Toolbar is a free optional toolbar that comes with Panda Cloud. The toolbar provides web filtering along with some features that may come in handy for users. The toolbar works on Internet Explorer and Firefox only.
60% remove it
 
Powered by Should I Remove It?
