dlsecuretb_1.0.1.5.exe

DLSecure Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application dlsecuretb_1.0.1.5.exe, “DLSecure Toolbar Installer” has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.idownloadplay.com.
Publisher:
Visicom Media Inc.

Product:
DLSecure Toolbar

Description:
DLSecure Toolbar Installer

Version:
1.0

MD5:
00a70059e1ad3c9d471b6ec78d6890fc

SHA-1:
4d7452e6fd150fd64468bc3b15092e5163520d76

SHA-256:
35f0c7fc71cf63270f43e92d369309dd0260eb72372177bcb4856a521864725f

Scanner detections:
11 / 68

Status:
Adware

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
11/15/2024 9:52:15 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
PUA.Win32.Visicom
4.0.3.15328

Dr.Web
Adware.Shopper.489
9.0.1.087

ESET NOD32
Win32/Toolbar.Visicom.A potentially unwanted (variant)
9.11144

Fortinet FortiGate
Riskware/Visicom
3/28/2015

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.2279

Malwarebytes
PUP.Optional.DLSecure.A
v2015.03.28.04

McAfee
Artemis!00A70059E1AD
5600.6813

NANO AntiVirus
Riskware.Nsis.Adware.dmihbl
0.30.0.65070

Reason Heuristics
PUP.Installer.Visicom
15.3.28.5

Trend Micro House Call
Suspicious_GEN.F47V0201
7.2.87

File size:
4 MB (4,194,840 bytes)

Product version:
1.0.1.5

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dlsecuretb_1.0.1.5.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:cg6nAj3FWRYOca/CTXfvVwrB4zRPfFtS66QdIxgBc:cnUWRYeovtPfHSnQdIx9

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dlsecuretb_1.0.1.5.exe has been seen being distributed by the following URL.

Remove dlsecuretb_1.0.1.5.exe - Powered by Reason Core Security