mystarttb_klcp.exe

MyStart Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which will modify the browser's default search provider, DNS, and home page functions. The application mystarttb_klcp.exe, “MyStart Toolbar Installer” by Visicom Media, has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from 91.74.184.35 and multiple other hosts.

Publisher:
Visicom Media Inc.  (signed and verified)

Product:
MyStart Toolbar

Description:
MyStart Toolbar Installer

Version:
5.5

MD5:
f081b6c9cffd59b93796c91d5ee01f0f

SHA-1:
c9cf915ea4ebcfc206a6ae7f2412293df6a9c164

SHA-256:
8ad4b590b240abb36e4c66779879614c75b0baec4dcee6a9ec7c011b742672cd

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
12/26/2024 2:44:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Toolbar.Agent | 7.1.1 |
| AVG | Generic | 2016.0.3188 |
| Comodo Security | EmailWorm.Win32.Joleee.~J | 21137 |
| Dr.Web | Adware.Toolbar.283 | 9.0.1.055 |
| ESET NOD32 | Win32/Toolbar.Visicom.A potentially unwanted (variant) | 9.11202 |
| K7 AntiVirus | Unwanted-Program | 13.197.15026 |
| Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 14.0.0.2437 |
| Malwarebytes | PUP.Optional.MyStartTB.A | v2015.02.24.04 |
| NANO AntiVirus | Riskware.Nsis.Adware.dmihbl | 0.30.0.126 |
| Reason Heuristics | PUP.MyStartToolbarInstaller.Visicom | 15.2.24.16 |
| Trend Micro House Call | TROJ_GEN.R08NH07BJ15 | 7.2.55 |
| Zillya! Antivirus | Adware.Agent.Win32.43878 | 2.0.0.2074 |

File size:
4.3 MB (4,536,888 bytes)

Product version:
5.5.0.2

Copyright:
© Visicom Media Inc.

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\1n8p99yx\mystarttb_klcp.exe

Digital Signature

Authority:
Symantec Corporation

Valid from:
2/9/2015 1:00:00 AM

Valid to:
2/9/2017 12:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata

Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:7bdP/6XR9wDng3NqlTebWBuD/LskvK5/khL:7ZP/6B9wDnkqTeq6LskvK5/KL

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mystarttb_klcp.exe has been observed being distributed from the following 4 URLs.

http://91.74.184.35/.../mystartTb_klcp.exe

http://113.171.224.169/.../mystartTb_klcp.exe

http://113.171.224.209/.../mystartTb_klcp.exe
