visicom_antiphishing.exe

Anti-phishing Domain Advisor

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application visicom_antiphishing.exe, “Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)” by Visicom Media, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘Anti-phishing Domain Advisor’. The file is typically installed with the program Anti-phishing Domain Advisor by Visicom Media Inc., which is a potentially unwanted software program.

Publisher:
Visicom Media Inc. (Powered by Panda Security)  (signed by Visicom Media Inc.)

Product:
Anti-phishing Domain Advisor

Description:
Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 1, 15

MD5:
ced7192f1544ba04c7655285f33cfcec

SHA-1:
616fa30322030a976f3afcd45d62601995cd7995

SHA-256:
7f9e95acf7e4341a90089b90ed9468f3c6649419dd4fc22c4ff3c36d9d452e98

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 2:14:26 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomMedia (M)

Engine version:
16.2.14.9

File size:
226.7 KB (232,104 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2010 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/24/2010 9:00:00 AM

Valid to:
6/22/2012 8:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
2/12/2011 6:07:47 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:AWUG6l1i2RMVGzBaTRZ5E8PIlpq+nisT24Y+Wfxf6xM5tOWMCpwkk8FvLcDpyM:AXplc68igR/E8Cpd5FfNxYEMwkuJ

Entry address:
0x122B2

Entry point:
E8, D8, 7E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...
 

Entropy:
6.3145

Code size:
127 KB (130,048 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Anti-phishing Domain Advisor

Command:
"C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe"


The file visicom_antiphishing.exe has been discovered within the following program.

Anti-phishing Domain Advisor by Visicom Media Inc.
The Visicom Anti-phishing Domain Advisor Toolbar, powered by Panda Security, will analyze the current web sites you are visiting against a URL database and determine if the site is a potential phishing threat.
software.visicommedia.com/en/products/antiphishing
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to visicom-102.nationalnet.com  (69.50.130.33:80)

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)
