panda_url_filtering.exe

Anti-phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application panda_url_filtering.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address visicom-101.nationalnet.com on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 0, 0

MD5:
2e6d56b8f807914e6777982cf961ae2a

SHA-1:
99b3f967a90dc66dd53cc6863d90e6eb08bb6e5f

SHA-256:
4e693bb9e96f872c8f3025af2b5e56119a52092dae23aafac77408ff5f81d2a8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 11:16:32 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Visicom.VisicomMedia (M)
15.12.24.16

File size:
248.5 KB (254,472 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2015 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\panda security url filtering\panda_url_filtering.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/9/2015 1:00:00 AM

Valid to:
2/9/2017 12:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
5/3/2014 5:55:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:5IVe895ZHHxxx3FRdYSIZ+iNPjloDaqMwk2ul:qZHHxxx3zOSIwiNPjZwq

Entry address:
0x1312E

Entry point:
E8, 4C, 8D, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D...
 
[+]

Code size:
143.5 KB (146,944 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)

TCP (HTTP):
Connects to visicom-102.nationalnet.com  (69.50.130.33:80)

TCP (HTTP):
Connects to cpe-181-47-248-222.telecentro-reversos.com.ar  (181.47.248.222:80)

TCP (HTTP):
Connects to cpe-181-47-248-118.telecentro-reversos.com.ar  (181.47.248.118:80)

TCP (HTTP):
Connects to dh-in-f94.1e100.net  (209.85.203.94:80)

TCP (HTTP):
Connects to dg-in-f94.1e100.net  (209.85.202.94:80)

TCP (HTTP):
Connects to dg-in-f104.1e100.net  (209.85.202.104:80)

Remove panda_url_filtering.exe - Powered by Reason Core Security