comcastantispyservice.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application comcastantispyservice.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Comcast AntiSpyware”.
Publisher:
Visicom Media Inc.  (signed and verified)

Version:
1.0.0.51

MD5:
f9dac844b1d370da4c984d4c22f5e696

SHA-1:
fe9ebb8fc3c08018edb5f825a4e20c0d27d647eb

SHA-256:
753b08e4d4cc09c91c16394f6a420e6da033d41fde510a41f900c1ced0e6b946

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 4:19:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Visicom (M)
16.11.16.6

File size:
602 KB (616,408 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (Canada)

Common path:
C:\Program Files\comcasttb\comcastspywarescan\comcastantispyservice.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/27/2008 8:00:00 PM

Valid to:
6/22/2010 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
70DEF7A1CF826EC0B9F2257933EA429B

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:+miJMUAxTAA5K33DdAr4M0aQmhmvURFI3HHACYjp0EGHNQ+XhPbnNVaX:+maMjWA5K33DK8M0fUfdjpP+XvVaX

Entry address:
0x838B0

Entry point:
55, 8B, EC, 83, C4, F0, 53, B8, A8, 23, 48, 00, E8, 0F, 3C, F8, FF, A1, 64, 5E, 48, 00, 8B, 00, 80, 78, 30, 00, 74, 10, A1, 64, 5E, 48, 00, 8B, 00, E8, 42, FC, FD, FF, 84, C0, 74, 0C, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 34, A1, 64, 5E, 48, 00, 8B, 00, 83, C0, 3C, BA, 30, 39, 48, 00, E8, AA, 19, F8, FF, 8B, 0D, 04, 5E, 48, 00, A1, 64, 5E, 48, 00, 8B, 00, 8B, 15, 7C, 20, 48, 00, 8B, 18, FF, 53, 30, A1, 64, 5E, 48, 00, 8B, 00, 8B, 10, FF, 52, 38, 5B, E8, 64, 17, F8, FF, FF, FF, FF, FF, 13, 00, 00, 00...
 
[+]

Entropy:
6.6315

Developed / compiled with:
Microsoft Visual C++

Code size:
520.5 KB (532,992 bytes)

Service
Display name:
Comcast AntiSpyware

Service name:
AntiSpywareService

Type:
Win32OwnProcess


Remove comcastantispyservice.exe - Powered by Reason Core Security