ftpxpert.exe.bak

AceFTP v2

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file ftpxpert.exe.bak has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ftp-vit.online.net on port 21.
Publisher:
Visicom Media Inc.

Product:
AceFTP v2

Version:
2.0.1.0

MD5:
1cc7933fe6dc64ce658d76fde77ac922

SHA-1:
418cc126283222ac373bb0336b87cea5b5b51753

SHA-256:
837aa1b14b39726e2395148da7768dabb4f87c55d12af9468042614967ff7207

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
1/13/2025 4:23:32 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomM.Meta (M)

Engine version:
16.7.13.0

File size:
3.1 MB (3,222,818 bytes)

Product version:
2.0

Copyright:
Copyright © 1996-2001 Visicom Media Inc.

Original file name:
AceFTP.exe

Language:
French (France)

Common path:
C:\users\{user}\appdata\local\virtualstore\Program Files\visicom media\ftpexpert2\ftpxpert.exe.bak

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Y2mPhAVIwdjtGO33u+24fMAgFclXDRoZS6SCrAq4nrZbrrsUVwzB9EZc1cdSO5S1:Y2VIwa4A4fF+ZS9JM5SPZUW+

Entry address:
0x20EF2C

Entry point:
55, 8B, EC, 83, C4, F4, 53, B8, 6C, E8, 60, 00, E8, 97, 82, DF, FF, 8B, 1D, B8, 1B, 61, 00, 8B, 03, 80, 78, 4B, 00, 74, 0A, A1, 34, 19, 61, 00, 80, 38, 00, 74, 04, 33, C0, EB, 02, B0, 01, 8B, 13, 88, 42, 4B, 8B, 03, E8, 21, 51, E3, FF, 8B, 0D, 50, 1A, 61, 00, 8B, 03, 8B, 15, 34, FB, 5A, 00, E8, 26, 51, E3, FF, 8B, 0D, 1C, 1A, 61, 00, 8B, 03, 8B, 15, 10, 1B, 5A, 00, E8, 13, 51, E3, FF, 8B, 0D, 54, 18, 61, 00, 8B, 03, 8B, 15, A8, 11, 5A, 00, E8, 00, 51, E3, FF, 8B, 03, E8, 79, 51, E3, FF, 5B, E8, 8F, 4C, DF...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
2.1 MB (2,154,496 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (FTP):
Connects to ftp-vit.online.net (62.210.16.42:21)
