appgrid_agsocialads1.1.exe

MyStart Apps

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application appgrid_agsocialads1.1.exe, “MyStart Apps Installer” by Visicom Media, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.toolbarstart.com.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
MyStart Apps

Description:
MyStart Apps Installer

Version:
1.1

MD5:
3dcbf4bcc817c36d60d59465edba40f1

SHA-1:
745ac9fbcfc83ac5cbee8e6250cfbaea74c98f47

SHA-256:
a1c6530e4c6bdf8aff0244c452519b9f172e8957383073ab2e512309ca8ae6a0

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
12/27/2024 6:32:05 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Visicom (variant) | 8.10470
McAfee | Artemis!3DCBF4BCC817 | 5600.6995
Reason Heuristics | PUP.MyStartAppsInstaller.VisicomMedia.V | 14.10.1.11

File size:
1.3 MB (1,359,520 bytes)

Product version:
1.1.0.8

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\appgrid_agsocialads1.1.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/23/2010 7:00:00 PM

Valid to:
6/21/2012 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:w4SYJ9dpj9jTkH4PWKLkqYXvNQo1C3L5vqMhbDzD9Yx9SSdGSAk:qK9dnj4H4+KAqwlk3hbDzcSSwo

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9813

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file appgrid_agsocialads1.1.exe has been seen being distributed by the following URL.
