mystarttb_5.5.0.2_samba.exe

MyStart Toolbar

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which will modify the browser's default search provider, DNS, and home page functions. The application mystarttb_5.5.0.2_samba.exe, “MyStart Toolbar Installer” by Visicom Media, has been detected as a potentially unwanted program by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from mystart.toolbarstart.com.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
MyStart Toolbar

Description:
MyStart Toolbar Installer

Version:
5.6

MD5:
cd9ce5f337b3ddde97464f846939b853

SHA-1:
4a4948cf4730b47914d6fc328f412324dda9ee81

SHA-256:
8d4e6748964ba8f14d99e2307ff637e4f5e1b531a6d63e6cb6b3ee8795b15e89

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
11/15/2024 3:18:15 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Agent
7.1.1

Bkav FE
W32.HfsAdware
1.3.0.7383

Clam AntiVirus
Win.Trojan.Win32-3
0.98/21511

ESET NOD32
Win32/Toolbar.Visicom.A potentially unwanted (variant)
9.12588

Fortinet FortiGate
Riskware/Agent
11/22/2015

G Data
Win32.Application.Agent.YKUG4X
15.11.25

K7 AntiVirus
Unwanted-Program
13.212.17900

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.1083

Malwarebytes
PUP.Optional.MyStartTB.ShrtCln
v2015.11.22.11

McAfee
Artemis!CD9CE5F337B3
5600.6574

Qihoo 360 Security
Win32/Virus.WebToolbar.de5
1.0.0.1077

Reason Heuristics
PUP.Visicom.VisicomMedia.Installer (M)
15.11.22.11

Rising Antivirus
PE:Adware.PennyBee!1.A23E [F]
23.00.65.151120

Sophos
Generic PUA GD (PUA)
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45286

Zillya! Antivirus
Adware.AdLoad.Win32.6973
2.0.0.2518

File size:
4 MB (4,238,376 bytes)

Product version:
5.6.0.2

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mystarttb_5.5.0.2_samba.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/8/2015 7:00:00 PM

Valid to:
2/8/2017 6:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jjLpmMrBa4pdC6IElAcObIJYUjhL7fj/sbzdPbA8PxUrJB:jjNl26IOOEJYUFghPk7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9988

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mystarttb_5.5.0.2_samba.exe has been seen being distributed by the following URL.
