torrentdownloader.exe

Torrent Downloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application torrentdownloader.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Torrent Downloader

Version:
1.0.1.113

MD5:
4132fb27ec551b0f0b3092c68c96e858

SHA-1:
2f6a78abc07496420c46838e07d668a500dd9614

SHA-256:
7f34a85538e42d33d5b253fcbe8a46a0d1170678d12e4c072771a6b18b4441ab

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 8:59:59 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomM (M)

Engine version:
16.5.12.13

File size:
22 MB (23,075,424 bytes)

Product version:
1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\visicom media\torrent downloader\torrentdownloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 2:00:00 AM

Valid to:
6/22/2014 1:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
12/18/2013 10:09:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:SsrH1gmUhJGmT6y8DUgu+VMa8wLZZQNni0td22NtwaH:NleT6yoB8ni0td22NSq

Entry address:
0x1066AD8

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, 78, D8, 43, 01, E8, 96, 94, FA, FE, 8B, 1D, 70, 3B, 4D, 01, 33, C0, 55, 68, CE, 6B, 46, 01, 64, FF, 30, 64, 89, 20, E8, 79, 17, F6, FF, E8, 2C, 13, F6, FF, 84, C0, 0F, 84, A4, 00, 00, 00, A1, 4C, 16, 4D, 01, 8B, 00, 8B, 80, E0, 01, 00, 00, E8, 0E, 82, EA, FF, 8D, 45, EC, E8, AE, 64, EA, FF, 8B, 55, EC, A1, 4C, 16, 4D, 01, 8B, 00, 05, E0, 01, 00, 00, E8, 0A, 3E, FA, FE, 8B, 03, E8, AF, 11, 2A, FF, 8B, 03, B2, 01, E8, C6, 2E, 2A, FF, 8B, 0D, 98, 2B, 4D, 01...

Developed / compiled with:
Microsoft Visual C++

Code size:
16.4 MB (17,190,912 bytes)

Windows Firewall Allowed Program
Name:
torrent downloader tcp in


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-87-212-95.compute-1.amazonaws.com  (52.87.212.95:80)
