» register.exe
Overview
Analysis
File Details

register.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application register.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners.

File name:

Publisher:

Visicom Media Inc. (signed and verified)

MD5:

160348802d5bf65084078d29267883c3

SHA-1:

e8827e7fc4ff27908624855c3d60082dcfe0cbb7

SHA-256:

e0494df3d3bca5c0ba6f4ec9f103db3a06efa43eca84dc7f8a0d6a35880f9a1f

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 4:52:58 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Xbarre

9.0.1.0332

Reason Heuristics

PUP.Visicom.VisicomMedia (M)

15.11.28.8

File size:

68.7 KB (70,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\comcasttoolbar\register.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/30/2006 8:00:00 PM

Valid to:

6/21/2007 7:59:59 PM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

46009F112341EB9E47AD9A71D868DC95

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

1536:HNtY4MeEwEm+ql5f1tumCiEocpOCsyQxEOznoU:HE4MJBmrH6ipacyQxPnJ

Entry address:

0xE30C

Entry point:

55, 8B, EC, 83, C4, F0, B8, 9C, E2, 40, 00, E8, 44, 6B, FF, FF, 33, C0, 55, 68, 93, E3, 40, 00, 64, FF, 30, 64, 89, 20, BA, 30, 07, 41, 00, B8, 01, 00, 00, 00, E8, 6B, 48, FF, FF, A1, 30, 07, 41, 00, BA, A8, E3, 40, 00, E8, E0, 62, FF, FF, 75, 0A, E8, 51, E2, FF, FF, E8, AC, CE, FF, FF, A1, 30, 07, 41, 00, BA, BC, E3, 40, 00, E8, C5, 62, FF, FF, 75, 0A, E8, 1A, F3, FF, FF, E8, 91, CE, FF, FF, A1, 30, 07, 41, 00, BA, D0, E3, 40, 00, E8, AA, 62, FF, FF, 75, 05, E8, D3, FD, FF, FF, 33, C0, 5A, 59, 59, 64, 89... 
[+]

Entropy:

6.6363

Developed / compiled with:

Microsoft Visual C++

Code size:

53 KB (54,272 bytes)

Remove register.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.