nasdaq.dll

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module nasdaq.dll by Visicom Media has been detected as a potentially unwanted program by 3 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Nasdaq Toolbar’.
Publisher:
Visicom Media Inc.  (signed and verified)

Version:
5.0.0.13

MD5:
e9de1ff2905240af6920de5a7979d75c

SHA-1:
d777c9d12c8d9431d6a13ac72154c0445d36ed66

SHA-256:
5760cb122bcc196a9b557f8f7ab7bbafa2848e23a8e95864041359a3e4ee4bec

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 3:22:17 PM UTC  (today)

Scan engine
Detection
Engine version

Panda Antivirus
Suspicious file
15.09.12.06

Prevx
Heuristic: Suspicious Self Modifying File
3.0.9

Reason Heuristics
PUP.Visicom.VisicomMedia (M)
15.9.12.18

File size:
1.8 MB (1,913,584 bytes)

Product version:
1.0.0.0

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\nasdaq\nasdaq.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/19/2007 5:00:00 PM

Valid to:
6/22/2008 4:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
53647B50983ED1EB11C279CB398C2CA4

Registration
CLSIDs:
{4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7D}, {4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7E}, {4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7F}

ProgIDs:
nasdaq.NASDAQ, nasdaq.NASDAQToggle Button, nasdaq.NASDAQMenu Button

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:a/avQNcOvHeY2tNZ1CZzvF+TcGzLwUAHjd3H0BI/4SQ/ccpdrmNByLG:ayAlgyZykUA53H0BDSQ/9drmNAG

Entry address:
0x18A0A8

Entry point:
55, 8B, EC, 83, C4, C4, B8, D8, 89, 58, 00, E8, A4, D7, E7, FF, 83, 3D, FC, 17, 59, 00, 00, 75, 14, B8, E8, 88, 58, 00, A3, FC, 17, 59, 00, B8, 01, 00, 00, 00, E8, 13, E8, FF, FF, E8, 8E, AF, E7, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.4596

Developed / compiled with:
Microsoft Visual C++

Code size:
1.5 MB (1,610,240 bytes)

Internet Explorer BHO
CLSID:
{4E7BD74F-2B8D-469E-C3FF-FB7FB59BFA7D}

CLSID name:
Nasdaq Toolbar

