home

adv_93.exe

Visual Tools Client Setup 1.0

Visual Tools

The application adv_93.exe, “Visual Tools Client Setup” by Visual Tools has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Visual Tools Ltd.  (signed by Visual Tools)

Product:
Visual Tools Client Setup 1.0

Description:
Visual Tools Client Setup

Version:
1.0.5.0

MD5:
b503ebce0762716d7d2dfde20b9761fc

SHA-1:
c231518bb38a952132769b2b963ec120bb7cba7f

SHA-256:
a76a9abeb6b732acda89ea76bf497ae2c403388e5002eb8168f0c1336b60666b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/23/2024 8:15:23 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Babylon (M)
16.10.7.13

File size:
1.7 MB (1,819,896 bytes)

Copyright:
2011(c) Visual Tools Ltd. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adv_93.exe

Digital Signature
Signed by:
Visual Tools

Authority:
thawte, Inc.

Valid from:
1/19/2015 8:00:00 AM

Valid to:
1/18/2017 7:59:59 AM

Subject:
CN=Visual Tools, O=Visual Tools, L=Belgrade, S=Serbia, C=RS

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
408E6A1AC8A6BFBB9F655878B36BA3AE

File PE Metadata
Compilation timestamp:
10/22/2014 4:00:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:TqoL3U0x20orG/g14Mi/2cz8ee3UUK4UkJXlM9rRyn3+6irD/J:VE0xyyMiecg2Ux5JVyrYn3+6

Entry address:
0x2703

Entry point:
E8, 10, 1D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 3A, 41, 00, E8, C7, 1E, 00, 00, E8, EC, 01, 00, 00, 0F, B7, F0, 6A, 02, E8, A3, 1C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 84, 16, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.9382  (probably packed)

Code size:
51.5 KB (52,736 bytes)

Remove adv_93.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.