» Не подтверждено 37034.~
Overview
Analysis
File Details

Не подтверждено 37034.~

DLSecure Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file Не подтверждено 37034.~, “DLSecure Toolbar Installer” has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source.

File name:

Publisher:

Visicom Media Inc.

Product:

DLSecure Toolbar

Description:

DLSecure Toolbar Installer

Version:

1.0

MD5:

755f04bf63a32f0017a302cdcefe4094

SHA-1:

e17d84fdc129b7dc4659986f4e541bc5ba800217

SHA-256:

2f358e7a20bccce95186033195d82ea741686ecb2d5f87f4717ed776b036595f

Scanner detections:

10 / 68

Status:

Adware

Explanation:

The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:

11/16/2024 12:42:06 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Threat.Undefined

9.0.1.05190

ESET NOD32

Win32/Toolbar.Visicom.A potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/Visicom

3/12/2015

K7 AntiVirus

Trojan

13.200.15243

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

15.0.0.543

Malwarebytes

PUP.Optional.DLSecure.A

v2015.03.12.11

McAfee

Artemis!A34F41E1D68A

5600.6829

Reason Heuristics

PUP.Installer.Visicom

15.3.12.11

Sophos

Generic PUA PI

4.98

Trend Micro House Call

Suspici.202D3B0F

7.2.71

File size:

3.9 MB (4,053,332 bytes)

Product version:

1.0.1.5

Trademarks:

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\?? ???????????? 37034.~

File PE Metadata

Compilation timestamp:

12/6/2009 12:50:46 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:cg6nAj3FWRYOca/CTXfvVwrB4zRPfFtS66QdIxgj:cnUWRYeovtPfHSnQdIxg

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

Remove Не подтверждено 37034.~ - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.