home

xams.exe

Constant Guard Anti-Malware

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application xams.exe, “Constant Guard Anti-Malware Service” has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Constant Guard Anti-Malware”. This file is typically installed with the program Constant Guard Anti-Malware by Comcast.
Publisher:
Visicom Media Inc.

Product:
Constant Guard Anti-Malware

Description:
Constant Guard Anti-Malware Service

Version:
1.0.0.5

MD5:
ab2334d75d85926144200801170f81f8

SHA-1:
68b67cdb18478496774556bd38d21d5e6dcfe9cc

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 7:53:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Service.VisicomMedia.E
14.11.24.20

File size:
828.5 KB (848,384 bytes)

Product version:
1.0.0.5

Copyright:
Copyright (C) 2014

Original file name:
xams.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\constant guard anti-malware\xams.exe

File PE Metadata
Compilation timestamp:
7/31/2014 2:21:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:UfCLk7ggIf6l7GcYUlTKfzCDAI4m7imCtIyjDIlfsdwbiqsX7Pbf:UfCLk7ggIfQ7dTKfzCDZF7sDKFsff

Entry address:
0x80794

Entry point:
E8, E9, B0, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, A0, E0, 4B, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 62, 63, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, F8, 50, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 
[+]

Entropy:
6.5700

Code size:
637 KB (652,288 bytes)

Service
Display name:
Constant Guard Anti-Malware

Service name:
ConstantGuardAntiMalwareService

Type:
Win32OwnProcess

Depends on:
CAAMSvc


The file xams.exe has been discovered within the following program.

Constant Guard Anti-Malware  by Comcast
56% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-201-103-131.deploy.static.akamaitechnologies.com  (23.201.103.131:80)

TCP (HTTP):
Connects to a96-6-113-34.deploy.akamaitechnologies.com  (96.6.113.34:80)

TCP (HTTP):
Connects to a23-67-253-162.deploy.static.akamaitechnologies.com  (23.67.253.162:80)

TCP (HTTP):
Connects to a23-3-105-11.deploy.static.akamaitechnologies.com  (23.3.105.11:80)

TCP (HTTP):
Connects to a184-84-180-123.deploy.static.akamaitechnologies.com  (184.84.180.123:80)

TCP (HTTP):
Connects to a184-84-180-116.deploy.static.akamaitechnologies.com  (184.84.180.116:80)

TCP (HTTP):
Connects to a184-51-126-107.deploy.static.akamaitechnologies.com  (184.51.126.107:80)

Remove xams.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.