trzdf17.tmp

ZGame Anti-Phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file trzdf17.tmp by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
blekko  (signed by Visicom Media Inc.)

Product:
ZGame Anti-Phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 0, 0

MD5:
007666f4539ee9a7c619ee93e408515e

SHA-1:
49fadc46863ec7ed51cbf3cc36887bbccb51d991

SHA-256:
1edba2c8ec2b722e488716fe7977ba63efc70d5a4c25e6d2006cc6daa447a354

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 10:39:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomMedia (M)

Engine version:
16.2.10.19

File size:
229.6 KB (235,072 bytes)

Product version:
1.0

Copyright:
Copyrights (C) 2013 Visicom Media Inc.

Language:
English (United States)

Common path:
C:\ProgramData\zgame anti-phishing domain\trzdf17.tmp

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 7:00:00 AM

Valid to:
6/22/2014 6:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
6/15/2013 1:29:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:klP6TwTlxnBj51MWMCpwkk8FvLtDuhfDx+r:nkVjyMwkgRDkr

Entry address:
0x12B02

Entry point:
90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90...

Entropy:
3.3682

Packer / compiler:
PseudoSigner 0.1 [PENinja 1.31]

Code size:
129.5 KB (132,608 bytes)
