VisualBeeRecovery.exe

VisualBeeRecovery

Visual Software Systems LTD

The application VisualBeeRecovery.exe by Visual Software Systems has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows Task Scheduler task named VisualBeeRecovery, which is triggered each time a user logs in.
Publisher:
Visual Software Systems LTD  (signed and verified)

Product:
VisualBeeRecovery

Version:
1.0.2051.0

MD5:
4b61dc3477039330cdcebd606ea1d561

SHA-1:
790785abf95747d5b70b0088c02bd7ed8f50fc97

SHA-256:
17e17191f8be38793445b6edf2b1252d1c5c8e46371556d4ec5c656632a80341

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 6:36:50 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.Task.VisualSoftwareSystems.R

Engine version:
14.2.20.17

File size:
19 KB (19,504 bytes)

Product version:
1.0.2051.0

Copyright:
Copyright © 2012

Original file name:
VisualBeeRecovery.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\visualbeeexe\visualbeerecovery.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/27/2011 1:00:00 AM

Valid to:
10/18/2012 1:59:59 AM

Subject:
CN=Visual Software Systems LTD, O=Visual Software Systems LTD, L=Tel-Aviv, S=Tel-Aviv, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09E4492A046CE32FA35C4429A76A868F

File PE Metadata
Compilation timestamp:
3/13/2012 7:08:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:gWUp6/EUnu6Z0KIsIPHPNrYxdC+NKZmTI2PSAab6vayowJL/VVe8k3Lou7+wM+J:tVtnLUvFrYxZMZmTF2JYJL3tuZ

Entry address:
0x435E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

Scheduled Task
Task name:
VisualBeeRecovery

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
