snapau.dll

Snap Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The module snapau.dll, “Snap Toolbar Security Helper” by Visicom Media, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Updater For Snap Toolbar’.
Publisher:
Visicom Media  (signed by Visicom Media Inc.)

Product:
Snap Toolbar

Description:
Snap Toolbar Security Helper

Version:
1.0.0.18

MD5:
b32acc4ba6f255963b8629ccd0c54a52

SHA-1:
9f344cf7063d2c14580ea2692977337feb08210d

SHA-256:
1c13fa4d77ee9fffc6b08ae40239d952c6976813423692e729d8f5de5033f780

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 2:52:47 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomMedia.Toolbar (M)

Engine version:
16.2.14.18

File size:
256.2 KB (262,312 bytes)

Product version:
1.0.0.18

Copyright:
© 2010 Visicom Media Inc.

Original file name:
AuxBHO.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\snaptb\auxi\snapau.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/23/2010 7:00:00 PM

Valid to:
6/21/2012 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
3/26/2010 12:36:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:GMmh+n1mLDNMXeTF3Qllzr59sIprrS2uydx8aIrdoxP0Q54kBULTE:GyWgl9dCIM3yb8aj6RkAo

Entry address:
0x1B536

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 53, B5, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, 68, 70, 88, 01, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 18, AE, 03, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, C3...
 

Entropy:
6.5792

Code size:
189.5 KB (194,048 bytes)

Internet Explorer BHO
Display name:
Updater For Snap Toolbar

CLSID:
{57ccade8-b1cc-4848-9375-533b43f214c2}

