» verizontb_6.0.0.33.exe
Overview
Analysis
File Details
Downloads (4)

verizontb_6.0.0.33.exe

Verizon Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application verizontb_6.0.0.33.exe, “Verizon Toolbar Installer” by Visicom Media has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.verizon.com and multiple other hosts.

File name:

Publisher:

Verizon and Visicom Media Inc. (signed by Visicom Media Inc.)

Product:

Verizon Toolbar

Description:

Verizon Toolbar Installer

Version:

6.0

MD5:

78429b8ccc59d19c73ea5c4b1dd8be29

SHA-1:

24df54be94c3465098a0735a7469f67e97063698

SHA-256:

a34efc4c8c9275b4ed6e5b3a249e7765f61901d54c31113872f3d740135ad26f

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:

4/24/2024 5:19:09 AM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Adware.VerizonToolbarInstaller.VisicomMedia.P

2013.7.22.1

ESET NOD32

Win32/Toolbar.Visicom (variant)

7.9279

Reason Heuristics

PUP.VerizonToolbarInstaller.VisicomMedia.P

14.8.7.19

File size:

1 MB (1,090,400 bytes)

Product version:

6.0.0.33

Trademarks:

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\verizontb_6.0.0.33.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

6/23/2010 8:00:00 PM

Valid to:

6/21/2012 7:59:59 PM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

73C74D9445094BFD79759F7B9CAFD730

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

24576:qkPE3bH1NexCl0s7QavMvXP0mTjPgiuyxl0Ti5wmGgwtbYRzgJO:VELVNew3REvX3jzluaiSRz7

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.9824 (probably packed)

Code size:

23 KB (23,552 bytes)

The file verizontb_6.0.0.33.exe has been seen being distributed by the following 4 URLs.

http://www.verizon.com/foryourhome/myaccount/unprotected/toolbar/.../verizonTb_6.0.0.33.exe

https://www.verizon.com/foryourhome/myaccount/unprotected/toolbar/.../verizonTb_6.0.0.33.exe

https://www22.verizon.com/foryourhome/MyAccount/Unprotected/Toolbar/.../verizonTb_6.0.0.33.exe

http://www22.verizon.com/foryourhome/myaccount/unprotected/toolbar/.../verizonTb_6.0.0.33.exe

Remove verizontb_6.0.0.33.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.