home

adv_93.exe

Visual Tools Client Setup 1.0

Visual Tools

The application adv_93.exe, “Visual Tools Client Setup” by Visual Tools has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Visual Tools Ltd.  (signed by Visual Tools)

Product:
Visual Tools Client Setup 1.0

Description:
Visual Tools Client Setup

Version:
1.0.5.0

MD5:
a00ab4eb24b66261bbaf3a615ff226b0

SHA-1:
13735198c0eec68d540fda41745be51ccd936d54

SHA-256:
c08782107eb79895ce0ed72e25a3a6bc8cac0a092e8ed10d3e19ba99d5c81f65

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/3/2024 4:55:25 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
16.10.19.12

File size:
1.8 MB (1,898,175 bytes)

Copyright:
2011(c) Visual Tools Ltd. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adv_93.exe

Digital Signature
Signed by:
Visual Tools

Authority:
thawte, Inc.

Valid from:
1/19/2015 7:00:00 AM

Valid to:
1/18/2017 6:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
408E6A1AC8A6BFBB9F655878B36BA3AE

File PE Metadata
Compilation timestamp:
10/22/2014 3:00:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:XqoL3U0x20orG/g14Mi/2cz8ee3UUK4UkJXlM9rRyn3+6irD/J4:pE0xyyMiecg2Ux5JVyrYn3+6t

Entry address:
0x2703

Entry point:
E9, 3E, 3D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 3A, 41, 00, E8, C7, 1E, 00, 00, E8, EC, 01, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 1C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 16, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.9682

Packer / compiler:
Xtreme-Protector v1.05

Code size:
51.5 KB (52,736 bytes)

Remove adv_93.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.