comcastantispy.exe

Comcast Anti-Spy

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application comcastantispy.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Comcast  (signed by Visicom Media Inc.)

Product:
Comcast Anti-Spy

Version:
1.5.0.0

MD5:
ce04438b43da21761021ae06fc27964e

SHA-1:
da7646ec076549d765a0f279fab37bc0e1177827

SHA-256:
c9382c11931f0da218db7642d299887d632bb6a57b9489c10f647bcfecc6eac2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 3:00:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomM (M)

Engine version:
16.5.10.9

File size:
713.9 KB (731,064 bytes)

Product version:
1.5

Copyright:
Copyright © Comcast

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/19/2007 7:00:00 PM

Valid to:
6/22/2008 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
53647B50983ED1EB11C279CB398C2CA4

File PE Metadata
Compilation timestamp:
10/18/2007 1:28:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:FCcKeJWbWUJfoZ8gn3nhTjapnl7aPZojJzEibXKPF86IS1TTjGAx2w:h7JWY8gn3hTjan0ZojJfbaPbIS1TTjGy

Entry address:
0x9287C

Entry point:
55, 8B, EC, 83, C4, E8, 53, 33, C0, 89, 45, EC, 89, 45, E8, B8, 40, 15, 49, 00, E8, 43, 44, F7, FF, 8B, 1D, 84, 50, 49, 00, 33, C0, 55, 68, 26, 2A, 49, 00, 64, FF, 30, 64, 89, 20, 33, C0, A3, DC, AF, 49, 00, 68, 00, 01, 00, 00, 68, DC, AE, 49, 00, 8B, 03, 8B, 40, 30, 50, E8, 8B, 4D, F7, FF, 68, 00, 01, 00, 00, 68, DC, AD, 49, 00, 8B, 03, 8B, 40, 30, 50, E8, 16, 4C, F7, FF, 6A, 00, 68, 98, 14, 49, 00, E8, C2, 4B, F7, FF, 83, 3D, DC, AF, 49, 00, 00, 76, 3A, A1, DC, AF, 49, 00, 50, E8, 7E, 4C, F7, FF, 8B, D8...
 

Entropy:
6.5885

Developed / compiled with:
Microsoft Visual C++

Code size:
581 KB (594,944 bytes)
