browsercleanerwebinstaller_visicom.exe

Browser Cleaner

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application browsercleanerwebinstaller_visicom.exe, “Browser Cleaner Web Installer” by Visicom Media, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from dl.cdn.chip.de and multiple other hosts.
Publisher:
Visicom Media Inc  (signed by Visicom Media Inc.)

Product:
Browser Cleaner

Description:
Browser Cleaner Web Installer

Version:
1.0.0.5

MD5:
7d6d3d61f0af660e2c872463b3224766

SHA-1:
37691f117d61d94db7105e8a2c156f793eea2eb5

SHA-256:
aa3cad21d21c4cb18b0491ae6700c33a57ad8eae54c792a7874571f1317135e3

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:16:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3185 |
| Reason Heuristics | PUP.BrowserCleanerWebInstaller.Visicom | 15.2.28.6 |

File size:
271 KB (277,528 bytes)

Product version:
2.0

Copyright:
2006-2015 Visicom Media Inc.

Trademarks:
2006-2015 Visicom Media Inc, All Rights Reserved

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\browsercleanerwebinstaller_visicom.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/9/2015 4:00:00 AM

Valid to:
2/9/2017 3:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
2/3/2015 1:28:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Yy3G8+2+JnCjg2m7BRhtOWUa7TfcNuSLXNs65HshX:YyQOgt7o0SW4HshX

Entry address:
0x6C46

Entry point:
E8, 62, 39, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 09, 00, 00, 3B, 0D, 10, E1, 42, 00, 75, 02, F3, C3, E9, 48, 14, 00, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 23, 2F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, E9, 42, 00, 74, 11, A1, 2C, EA, 42, 00, 85, 42, 70, 75, 07, E8, 61, 42, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 70, E1, 42, 00, 74, 15, 8B, 4E, 08, A1, 2C, EA, 42, 00, 85, 41, 70, 75, 08, E8, C4, 45, 00, 00, 89, 46, 04, 8B...
 

Code size:
127 KB (130,048 bytes)

The file browsercleanerwebinstaller_visicom.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

