toolbarcleaner_setup.exe

Toolbar Cleaner

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application toolbarcleaner_setup.exe ("Toolbar Cleaner installer.") by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from telechargement2.pcastuces.com and multiple other hosts.

Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Toolbar Cleaner

Description:
Toolbar Cleaner installer.

Version:
2.0.1.4

MD5:
a678c400ce12e288a8bf731409c8a43d

SHA-1:
5b564a38007c9b02409a8dcbe0399d3ec0ef39af

SHA-256:
806dfd95084e606316839705753f9995b51dbf01e68b7117b0ba28bc4372aa1f

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:12:15 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Toolbar.272 | 9.0.1.0309
Reason Heuristics | PUP.ToolbarCleanerinstaller.VisicomMedia.U | 14.11.5.4

File size:
1.1 MB (1,142,472 bytes)

Product version:
2.0.6.22

Copyright:
Visicom Media Inc. (License)

Trademarks:
Visicom Media Inc, All Rights Reserved

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\toolbarcleaner_setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/8/2014 3:00:00 AM

Valid to:
6/21/2016 2:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:lNBZKW2MSwMxw8DaSNektsKKEipcY9d39jbRAhauH0fW:vnK/MSwWtpku/UV9dtjby8Sx

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file toolbarcleaner_setup.exe has been seen being distributed by the following 3 URLs.
