comcastantispyservice.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application comcastantispyservice.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Comcast AntiSpyware” within the context of its own process.
Publisher:
Visicom Media Inc.  (signed and verified)

Version:
1.0.0.51

MD5:
582d634e78735046caf2e2765b391a18

SHA-1:
3d6e3f2f5ebbd30eeedf384a56549219abfa9491

SHA-256:
94026028f265dac65086d6085642032e27db32a0d28a2add73d331b30a3b73eb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 2:32:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom (M)

Engine version:
16.11.19.6

File size:
602 KB (616,408 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\Program Files\comcasttb\comcastspywarescan\comcastantispyservice.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/27/2008 5:00:00 PM

Valid to:
6/22/2010 4:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
70DEF7A1CF826EC0B9F2257933EA429B

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:+miJMUAxTAA5K33DdAr4M0aQmhmvURFI3HHACYjp0EGHNQ+XhPbKNVaX:+maMjWA5K33DK8M0fUfdjpP+XMVaX

Entry address:
0x838B0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, A8, 23, 48, 00, E8, 0F, 3C, F8, FF, A1, 64, 5E, 48, 00, 8B, 00, 80, 78, 30, 00, 74, 10, A1, 64, 5E, 48, 00, 8B, 00, E8, 42, FC, FD, FF, 84, C0, 74, 0C, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 34, A1, 64, 5E, 48, 00, 8B, 00, 83, C0, 3C, BA, 30, 39, 48, 00, E8, AA, 19, F8, FF, 8B, 0D, 04, 5E, 48, 00, A1, 64, 5E, 48, 00, 8B, 00, 8B, 15, 7C, 20, 48, 00, 8B, 18, FF, 53, 30, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, 64, 17, F8, FF, FF, FF, FF, FF, 13, 00, 00, 00...
 

Entropy:
6.6315

Developed / compiled with:
Microsoft Visual C++

Code size:
520.5 KB (532,992 bytes)

Service
Display name:
Comcast AntiSpyware

Service name:
AntiSpywareService

Type:
Win32OwnProcess

