panda_url_filteringb.exe

Anti-phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application panda_url_filteringb.exe by Visicom Media has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named "panda_url_filtering Service". This file is typically installed with the program Panda Security URL Filtering by Panda Security. While running, it connects to the Internet address visicom-101.nationalnet.com on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
2, 0, 0, 0

MD5:
8e5124ecb9fe98c75bdd9b7bce06ad6a

SHA-1:
88551a3835716e3bb3a979b32575c1c7a7898a7c

SHA-256:
a49575e8b4477aafc8485f745b4cae42982af612160bd2134539d3e48ff1e436

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:31:38 PM UTC

Scan engine         Detection                   Engine version
AVG                 Generic                     2016.0.3090
Bkav FE             W64.HfsAdware               1.3.0.6379
Dr.Web              Tool.InstallToolbar.174     9.0.1.0153
Reason Heuristics   PUP.Visicom.VisicomMedia    15.6.2.18

File size:
284.5 KB (291,336 bytes)

Product version:
2.0

Copyright:
Copyright (C) 2015 Visicom Media Inc.

File type:
Executable application (Win64 EXE)

Common path:
C:\ProgramData\panda security url filtering\panda_url_filteringb.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/9/2015 3:00:00 AM

Valid to:
2/9/2017 2:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
5/15/2015 7:50:26 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:N7Q8FhIaGRSzw8CVT0HDrQDLdztMD0IMwkqY:FQ8rGR6hUvvLwHY

Entry address:
0x10024

Entry point:
48, 83, EC, 28, E8, FB, AB, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, D0, 2B, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 87, AB, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 9B, FF, FE, FF, 66, 39, 05, 94, FF, FE, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, C3, FF, FE, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 

Code size:
135 KB (138,240 bytes)

Service
Display name:
panda_url_filtering Service

Service name:
panda_url_filtering

Description:
Provides Anti-Phishing protection

Type:
Win32OwnProcess


The file panda_url_filteringb.exe has been discovered within the following program.

Panda Security URL Filtering  by Panda Security
The Panda Security Toolbar is a free optional toolbar that comes with Panda Cloud. The toolbar provides web filtering along with some features that may come in handy for users. The toolbar works on Internet Explorer and Firefox only.

The executing file has been seen to make the following network communications in live environments.

