» wsetup.exe
Overview
Analysis
File Details
Downloads (1)

wsetup.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application wsetup.exe by Visicom Media has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from installer.manycams.com.

File name:

wsetup.exe

Publisher:

Visicom Media Inc. (signed and verified)

MD5:

e9c3b5598f009113bd5c2e8b9735e379

SHA-1:

8267c74b4d6444c9276b8b750e0ff2e375c34e5d

SHA-256:

50c45c6b4baa090bd67c69cc019558dc9b091cd5b0d200c9772b418ab9411f1f

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:

9/30/2025 4:52:05 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Visicom

7.1.1

AVG

Generic

2016.0.2996

Dr.Web

Tool.InstallToolbar.174

9.0.1.0248

ESET NOD32

Win32/Toolbar.Visicom.E potentially unwanted (variant)

9.12169

Reason Heuristics

PUP.Visicom.VisicomMedia.Installer (M)

15.9.5.3

File size:

366.5 KB (375,280 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\wsetup.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Symantec Corporation

Valid from:

2/9/2015 1:00:00 AM

Valid to:

2/9/2017 12:59:59 AM

Subject:

CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

0F7022688814C950B353E71B8D1C1D84

File PE Metadata

Compilation timestamp:

12/5/2009 11:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:GsjlUCR6TFZJ5iLjdxatFWZmxw2h+TJ7FzMvHJkBkvWKqrl1ei6qLdK:VlUc6JZJ5iLJMtFWXGpkBjCqw

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file wsetup.exe has been seen being distributed by the following URL.

http://installer.manycams.com/.../ManyCam_WebCompanion.exe

Remove wsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.