torrentdownloadersetup.exe

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS settings, and home page. torrentdownloadersetup.exe by Visicom Media has been flagged as a potentially unwanted program by 1 of the 68 scanners used here (the Reason heuristics engine), with strong indications that the file is a potential threat. It is a setup and installation application that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen downloaded from www.torrentdownloader.com and multiple other hosts.
Publisher:
Visicom Media Inc. (signed and verified)

Version:
1, 0, 0, 6

MD5:
de465075449806d42113cecd73fd8aa3

SHA-1:
3ad3b35e46e52761aa08b1890707cc5e0c22f1b4

SHA-256:
199f683c1fd219e2c4233e7f6825f8ab3f215e59eae79a8a4556b232e24fc8d4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
None of the anti-malware engines in our current pool has detected this file; however, based on our own detection heuristics we consider the file unwanted.

Analysis date:
12/26/2024 2:26:33 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.VisicomMedia.W

Engine version:
14.10.19.4

File size:
16.4 MB (17,202,784 bytes)

Product version:
1, 0, 0, 6

Copyright:
© 2013 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sft\sft\torrentdownloadersetup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 5:30:00 AM

Valid to:
6/22/2014 5:29:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
1/22/2014 10:30:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:CxwvjGDaUM5z4uaikq6EYGlQsy/GOmKlDpyzuL:CNaP0u1EEYN6Kb4q

Entry address:
0x3A56

Entry point:
E8, D0, 28, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, F5, 0B, 00, 00, 3B, 0D, 44, 01, 42, 00, 75, 02, F3, C3, E9, 47, 29, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 93, 25, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 58, 07, 42, 00, 74, 12, 8B, 0D, 74, 06, 42, 00, 85, 48, 70, 75, 07, E8, 9F, 33, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 78, 05, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 74, 06, 42, 00, 85, 48, 70, 75, 08, E8...

Entropy:
7.9986  (probably packed)

Code size:
91 KB (93,184 bytes)
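The digests, the entropy reading, and the PE metadata above (compilation timestamp, linker and OS version, subsystem, entry address, code size) are all derivable from the file bytes with no external service. The script below is an added example, not code from Reason Core Security or Visicom Media: it recomputes the three digests and requires all of them to match the report's values before treating a local file as this sample, computes whole-file Shannon entropy (the 7.0 packed/not-packed cut-off is an assumption; the report does not state its threshold), and reads the header fields directly from the COFF and optional headers with `struct`, so no third-party PE library is needed. Because the real installer is not embedded here, `build_sample_pe()` constructs a minimal synthetic PE header carrying the report's values so the parser can be exercised offline; pass a real file path on the command line to triage that instead.

```python
"""Static triage of a Windows PE sample: digests, Shannon entropy and core header fields.
Added example for this report; not code from Reason Core Security or Visicom Media."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Digests the report lists for torrentdownloadersetup.exe.
KNOWN_HASHES = {
    "md5": "de465075449806d42113cecd73fd8aa3",
    "sha1": "3ad3b35e46e52761aa08b1890707cc5e0c22f1b4",
    "sha256": "199f683c1fd219e2c4233e7f6825f8ab3f215e59eae79a8a4556b232e24fc8d4",
}
MACHINES = {0x14C: ("i386", "Win32"), 0x8664: ("x86-64", "Win64")}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_known(data: bytes, known: dict = KNOWN_HASHES) -> bool:
    """Require every listed digest to match; an MD5-only match is not proof of identity."""
    actual = file_hashes(data)
    return all(actual[name] == digest.lower() for name, digest in known.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; a whole-file value near 8 means compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def entropy_verdict(entropy: float, threshold: float = 7.0) -> str:
    # The 7.0 cut-off is an assumption for this example; the report does not state its threshold.
    return "probably packed" if entropy >= threshold else "not obviously packed"


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields the report shows (timestamp, linker, entry, subsystem)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70:
        raise ValueError("optional header too short")
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    # MajorOperatingSystemVersion and Subsystem sit at the same offsets in PE32 and PE32+.
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    arch, bitness = MACHINES.get(machine, (hex(machine), "unknown"))
    return {
        "machine": arch,
        "bitness": bitness,
        "pe32plus": magic == 0x20B,
        "compiled_utc": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def triage(data: bytes) -> dict:
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "matches_report": matches_known(data),
        "entropy": round(entropy, 4),
        "verdict": entropy_verdict(entropy),
        "pe": parse_pe_header(data),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE header carrying the report's values; NOT the real installer."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 1390429846, 0, 0, 224, 0x0102)  # 2014-01-22T22:30:46Z
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 93184)  # PE32, linker 9.0, SizeOfCode 93,184
    struct.pack_into("<I", opt, 16, 0x3A56)  # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)  # MajorOperatingSystemVersion 5.0
    struct.pack_into("<H", opt, 68, 2)  # Subsystem = Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it as `python triage.py C:\path\to\torrentdownloadersetup.exe`; `matches_report` is true only if the file is byte-identical to the sample described here, and a value near 8.0 for `entropy` corresponds to the "probably packed" reading in the report. The compilation timestamp is decoded as UTC, so compare it against the report's value with that in mind, and remember that TimeDateStamp is attacker-controlled and only a hint.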

The file torrentdownloadersetup.exe has been seen distributed from the following 2 URLs.

Remove torrentdownloadersetup.exe - Powered by Reason Core Security