dlsecuretb_1.0.0.2.exe

DLSecure Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application dlsecuretb_1.0.0.2.exe, “DLSecure Toolbar Installer” by Visicom Media has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
DLSecure Toolbar

Description:
DLSecure Toolbar Installer

Version:
1.0

MD5:
8fad8d914514025e79b99a7cc8e4bf60

SHA-1:
6e92901d5d95121a17fb4e56444ab6968b2378bc

SHA-256:
0c3d4bca9baf8e323659efb8fddedd4f71f821b77e61d2d4015159b99f0159d4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
12/29/2024 5:16:48 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Tool.InstallToolbar.129
9.0.1.094

ESET NOD32
Win32/Toolbar.Visicom (variant)
8.9633

Reason Heuristics
PUP.DLSecureToolbarInstaller.VisicomMedia.P
14.10.1.11

Trend Micro House Call
TROJ_GEN.F47V1219
7.2.94

File size:
4 MB (4,246,608 bytes)

Product version:
1.0.0.2

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dlsecuretb_1.0.0.2.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/17/2012 8:00:00 PM

Valid to:
6/21/2014 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:nM2mjWeSDLg3dteOfhC1aceM648bN/C2qwxY:nMpW5fgNc0hCiM6XtyUY

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9992

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dlsecuretb_1.0.0.2.exe has been seen being distributed by the following 7 URLs.

temp:dlsecureTb_1.0.0.2-5.exe

Remove dlsecuretb_1.0.0.2.exe - Powered by Reason Core Security