panda_url_filteringb.exe

Anti-phishing Domain Advisor (Powered by Panda Security)

GreenSearchSecurity

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application panda_url_filteringb.exe by GreenSearchSecurity has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “panda_url_filtering Service”. This file is typically installed with the program Panda Security URL Filtering by Panda Security.
Publisher:
Visicom Media Inc.  (signed by GreenSearchSecurity)

Product:
Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
2, 0, 0, 0

MD5:
1c12ea4181d99a32a98ea831dfe1d1f3

SHA-1:
f305d99eb520114974eebfc2aa10c1ca0d749925

SHA-256:
a7ed165929676db8968653e99c082c560fdc50b5790da19a87500cf57dfef7c1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/24/2024 12:22:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Service.GreenSearchSecurity.U

Engine version:
14.11.1.14

File size:
276.8 KB (283,448 bytes)

Product version:
2.0

Copyright:
Copyright (C) 2014 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\panda security url filtering\panda_url_filteringb.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2014 2:00:00 AM

Valid to:
5/8/2015 1:59:59 AM

Subject:
CN=GreenSearchSecurity, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GreenSearchSecurity, L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
308A16A974A713BAD17FDCAAAA27C1

File PE Metadata
Compilation timestamp:
8/5/2014 5:06:02 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:44LVIEGxuDc57wRs3QNybpWS8X7qKH6nQFCp+CXz4uU/xBFzY4uHKWMCpwkk8Fv7:4mVfgViM4rqKanQYZ41qQMwklhH

Entry address:
0xE73B

Entry point:
E8, C1, A7, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 95, 42, 00, E8, BF, 2F, 00, 00, E8, 54, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 54, A7, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6B, 77, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
128 KB (131,072 bytes)

Service
Display name:
panda_url_filtering Service

Service name:
panda_url_filtering

Description:
Provides Anti-Phishing protection

Type:
Win32OwnProcess


The file panda_url_filteringb.exe has been discovered within the following program.

Panda Security URL Filtering  by Panda Security
The Panda Security Toolbar is a free optional toolbar that comes with Panda Cloud. The toolbar provides web filtering along with some features that may come in handy for users. The toolbar works on Internet Explorer and Firefox only.
60% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.
