tmp00016790

ManyCam Virtual Webcam

GTE Corporation

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file tmp00016790 by GTE has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Visicom Media Inc. (signed by GTE Corporation)

Product:
ManyCam Virtual Webcam

Version:
5.0.5.2

MD5:
205ab3fe3036b6c7a10f4cd120743840

SHA-1:
26cd9f4ae7e38d65095fda0d5677a859e0ea3f8b

SHA-256:
b32a071a0c822a6f4f3f29a6de328da56ee24659dd90d6f79b338978b4846952

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 7:30:51 PM UTC

Scan engine          Detection      Engine version
Reason Heuristics    PUP.Visicom    17.3.6.21

File size:
19 MB (19,943,424 bytes)

Product version:
5.0.5.2

Copyright:
(c) 2006-2015 Visicom Media Inc.

Original file name:
ManyCam.exe

Language:
English (United States)

Common path:
C:\windows\temp\tmp0000050b\tmp00016790

Digital Signature
Signed by:

Authority:
GTE Corporation

Valid from:
8/13/1998 8:29:00 AM

Valid to:
8/14/2018 7:59:00 AM

Subject:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Issuer:
CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

Serial number:
01A5

File PE Metadata
Compilation timestamp:
9/23/2015 2:06:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1302000

Entry point:
EB, 08, 0F, 1C, 92, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, C1, 1B, 00, 00, 01, 00, 30, 82, 1B, BD, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, AE, 30, 82, 1B, AA, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 20, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 11, 04, 82, 0F, 0D, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 08, 00, 00, 00, 26, 00, 00, 00, 01, 00, 14, E9, 11, EB, 7D, 41, F7, 6A, BD, EE, 68, 7F, FE, 9D, 69, D0, 34...
Entropy:
7.1044

Code size:
3.9 MB (4,077,056 bytes)
