mystarttb_5.5.0.2_samba.exe

MyStart Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application mystarttb_5.5.0.2_samba.exe, “MyStart Toolbar Installer” by Visicom Media has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from mystart.toolbarstart.com.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
MyStart Toolbar

Description:
MyStart Toolbar Installer

Version:
5.6

MD5:
cd9ce5f337b3ddde97464f846939b853

SHA-1:
4a4948cf4730b47914d6fc328f412324dda9ee81

SHA-256:
8d4e6748964ba8f14d99e2307ff637e4f5e1b531a6d63e6cb6b3ee8795b15e89

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
12/26/2024 2:39:31 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Agent
7.1.1

Bkav FE
W32.HfsAdware
1.3.0.7383

Clam AntiVirus
Win.Trojan.Win32-3
0.98/21511

ESET NOD32
Win32/Toolbar.Visicom.A potentially unwanted (variant)
9.12588

Fortinet FortiGate
Riskware/Agent
11/22/2015

G Data
Win32.Application.Agent.YKUG4X
15.11.25

K7 AntiVirus
Unwanted-Program
13.212.17900

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.1083

Malwarebytes
PUP.Optional.MyStartTB.ShrtCln
v2015.11.22.11

McAfee
Artemis!CD9CE5F337B3
5600.6574

Qihoo 360 Security
Win32/Virus.WebToolbar.de5
1.0.0.1077

Reason Heuristics
PUP.Visicom.VisicomMedia.Installer (M)
15.11.22.11

Rising Antivirus
PE:Adware.PennyBee!1.A23E [F]
23.00.65.151120

Sophos
Generic PUA GD (PUA)
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45286

Zillya! Antivirus
Adware.AdLoad.Win32.6973
2.0.0.2518

File size:
4 MB (4,238,376 bytes)

Product version:
5.6.0.2

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mystarttb_5.5.0.2_samba.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/8/2015 7:00:00 PM

Valid to:
2/8/2017 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jjLpmMrBa4pdC6IElAcObIJYUjhL7fj/sbzdPbA8PxUrJB:jjNl26IOOEJYUFghPk7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9988

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mystarttb_5.5.0.2_samba.exe has been seen being distributed by the following URL.

Remove mystarttb_5.5.0.2_samba.exe - Powered by Reason Core Security