zgame_antiphishing.exe

ZGame Anti-Phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application zgame_antiphishing.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to execute automatically when any user logs into Windows (through the local user Run registry setting) under the name ‘ZGame Anti-Phishing Domain’.
Publisher:
blekko  (signed by Visicom Media Inc.)

Product:
ZGame Anti-Phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 0, 0

MD5:
b9e6fabf165396c72590e32638418a1e

SHA-1:
a04f36935fd6f99861fd9a9440f4a6a103573faa

SHA-256:
de4ecd1e567d6b28e46a2f3d863efbbde1bfab5556e7ccd95fe776a3f46c5354

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/27/2024 3:54:56 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Startup.VisicomMedia.S

Engine version:
14.8.7.19

File size:
229.6 KB (235,072 bytes)

Product version:
1.0

Copyright:
Copyrights (C) 2013 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\zgame anti-phishing domain\zgame_antiphishing.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 7:00:00 AM

Valid to:
6/22/2014 6:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
6/15/2013 1:29:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:3E2zcKmMEiki96f7vXBMEiaQ4lHKJ8sYEUY6GlP6TwTlxnBj51MWMCpwkk8FvLtV:023XEgC+EiaQ8HK5YlzkVjyMwkgRDkr

Entry address:
0x12B02

Entry point:
E8, D8, 7E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...

Entropy:
6.3214

Code size:
129.5 KB (132,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ZGame Anti-Phishing Domain

Command:
"C:\ProgramData\zgame anti-phishing domain\zgame_antiphishing.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)

TCP (HTTP):
Connects to visicom-102.nationalnet.com  (69.50.130.33:80)

TCP (HTTP):
Connects to cache.google.com  (82.76.79.123:80)

TCP (HTTP):
Connects to fm-dyn-111-95-240-46.fast.net.id  (111.95.240.46:80)

TCP (HTTP):
Connects to fm-dyn-111-95-240-123.fast.net.id  (111.95.240.123:80)

TCP (HTTP):
Connects to fm-dyn-111-94-248-18.fast.net.id  (111.94.248.18:80)

TCP (HTTP):
Connects to 41.216.127.173.liquidtelecom.net  (41.216.127.173:80)

TCP (HTTP):
Connects to 41.216.127.170.liquidtelecom.net  (41.216.127.170:80)

Remove zgame_antiphishing.exe - Powered by Reason Core Security