SearchProtection.exe

Search Protection

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS settings, and home page. The application SearchProtection.exe has been detected as adware by 37 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local user Run registry setting) under the name 'Search Protection'. The sample is also infected by an entry-point obscuring polymorphic file infector that joins the host to a peer-to-peer botnet and receives URLs of additional files to download.
Publisher:
Visicom Media Inc.

Product:
Search Protection

Version:
2,0,5,00

MD5:
17a656a14cef2be056362de439878081

SHA-1:
9e19fda9dc4a144bd8a447e3c28400eff594cb6d

SHA-256:
70272bc02c4da3e935bea07d340072429fb902c756df01593c093b3b54398e8c

Scanner detections:
37 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 3:52:46 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Sality.3 | 927
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2014.07.24
Avira AntiVirus | W32/Sality.AT | 7.11.30.172
avast! | Win32:SaliCode | 140617-1
AVG | Win32/Sality | 2014.0.3986
Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.14723
Bitdefender | Win32.Sality.3 | 1.0.20.1020
Bkav FE | W32.Sality.PE | 1.3.0.4959
Comodo Security | Virus.Win32.Sality.Gen | 18948
Dr.Web | Adware.BGuard.52, Win32.Sector.22 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Sality | 8.14.07.23.11
ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0
F-Prot | W32/Sality.gen2 | 4.6.5.141
F-Secure | Win32.Sality.3 | 11.2014-23-07_4
G Data | Win32.Sality | 14.7.24
IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.6.1.0
K7 AntiVirus | Virus | 13.181.12819
Kaspersky | Virus.Win32.Sality | 15.0.0.494
McAfee | W32/Sality.gen.z | 5600.7061
Microsoft Security Essentials | Threat.Undefined | 1.179.842.0
MicroWorld eScan | Win32.Sality.3 | 15.0.0.612
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.28.2.60990
Norman | Sality.ZHB | 11.20140723
nProtect | Virus/W32.Sality.D | 14.07.23.01
Panda Antivirus | W32/Sality.AA | 14.07.23.11
Qihoo 360 Security | Malware.QVM19.Gen | 1.0.0.1015
Quick Heal | W32.Sality.U | 7.14.14.00
Reason Heuristics | PUP.Startup.VisicomMedia.Q | 14.10.1.11
Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.14721
Sophos | Mal/Sality-D | 4.98
Total Defense | Win32/Sality.AA | 37.0.11076
Trend Micro House Call | PE_SALITY.RL | 7.2.204
Trend Micro | PE_SALITY.RL | 10.465.23
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3
VIPRE Antivirus | Threat.4721115 | 31208
ViRobot | Win32.Sality.N | 2011.4.7.4223

File size:
958 KB (980,992 bytes)

Product version:
2,0,5,00

Copyright:
(c) 2013 Visicom Media Inc. All rights reserved.

Original file name:
SearchProtection.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\search protection\searchprotection.exe

File PE Metadata
Compilation timestamp:
6/5/2013 1:16:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:HEnRN28OVh8p5+/gjZupEYYZrrWAPEfl9zbwVyt/C7/Zt/lotQr9RZZMuq5LRf85:HE728SSp5+/lArjSnjA9RUuq5e

Entry address:
0x837CD

Entry point:
BB, A4, 7D, F2, 22, 81, F3, CF, 03, 61, 0D, 4A, 85, F6, 8B, DB, 09, CA, 28, E4, 0F, AF, FA, BE, 43, 34, 86, 29, 0B, E9, C6, C7, EA, 2B, CD, 70, 08, 81, E7, 40, CB, E5, C4, 39, FE, C7, C6, 0C, 2B, AE, C4, 4F, 68, 09, 53, AC, 00, 50, 8B, EA, F6, C1, A4, 0F, AF, D7, FF, C9, E8, 22, 00, 00, 00, 74, 06, 8D, 0D, 79, 64, 9C, E1, 33, EB, F6, C7, 07, 88, FE, F2, 0F, AF, DB, F7, C6, 20, AE, 9C, 93, 35, 13, C2, 00, 00, 1B, F0, 85, DD, 59, B6, 8D, 69, F8, C7, D5, 0D, C6, 30, CB, FE, C8, 87, D0, 8B, F7, 77, 06, F3, F6...

Entropy:
6.5153

Code size:
641.5 KB (656,896 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Search Protection

Command:
C:\Documents and Settings\{user}\Application data\search protection\searchprotection.exe


Remove SearchProtection.exe - Powered by Reason Core Security