mystarttb_visicom_latest.exe

MyStart Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application mystarttb_visicom_latest.exe, “MyStart Toolbar Installer” by Visicom Media has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from toolbar.mystart.com.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
MyStart Toolbar

Description:
MyStart Toolbar Installer

Version:
5.3

MD5:
fb5d817b9782550c7b02194c8c88edb3

SHA-1:
eaf4e3faf99ab31f7741fc05e9a0eb7bcc8353c3

SHA-256:
5f567d8b7098ff74d199bbe635d30c1e5e9bd02174f3b58344855d6a5c6291bb

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
12/25/2024 4:22:01 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Tool.InstallToolbar.129
9.0.1.039

ESET NOD32
Win32/Toolbar.Visicom (variant)
8.9392

Malwarebytes
PUP.Optional.MyStartTB.A
v2014.02.08.04

McAfee
Artemis!C3D6A7A78CFE
5600.7226

Reason Heuristics
PUP.MyStartToolbarInstaller.VisicomMedia.Y
14.10.1.11

Trend Micro House Call
TROJ_GE.9192F1DD
7.2.39

File size:
4.9 MB (5,120,824 bytes)

Product version:
5.3.1.0

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mystarttb_visicom_latest.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/17/2012 5:00:00 PM

Valid to:
6/21/2014 4:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:MTFrT0DqBbaVq4W6GcvErmZFVJZXl4NQINz0dVJFJsTuiB9EMRQ:M5UAaV2kvn1iN0dVJF2yiB6Mi

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file mystarttb_visicom_latest.exe has been seen being distributed by the following URL.

Remove mystarttb_visicom_latest.exe - Powered by Reason Core Security