» uninstall_load.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

uninstall_load.exe

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application uninstall_load.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Parental Control Toolbar. This file is typically installed with the program Parental Control Toolbar by WRAAC.org.

File name:

uninstall_load.exe

Publisher:

Visicom Media Inc. (signed and verified)

MD5:

035c2a5fad1a8aa3b270a6fa31d9143d

SHA-1:

2e497955bf98ec35500ac2b9f203b10ef69b002e

SHA-256:

af79864615ee915b8d1a1c59bbf22620fe5dcd4dee1dc73a18da9041f1911b3c

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/14/2024 2:58:13 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Visicom.VisicomMedia (M)

16.2.15.8

File size:

538.3 KB (551,184 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\parentalcontrol\uninstall_load.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

6/23/2005 6:48:39 PM

Valid to:

6/20/2006 3:44:48 AM

Subject:

CN=Visicom Media Inc., OU=Secure Application Development, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

3F88F4

File PE Metadata

Compilation timestamp:

6/19/1992 5:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:vamJcQSiQp/BeaeaaM3XQbu+oHVBx5Y60UAn3sCmlhO:vamJtoYaMMQbur1nqV3s3lQ

Entry address:

0x74144

Entry point:

55, 8B, EC, 83, C4, F0, B8, 1C, 3F, 47, 00, E8, 64, 27, F9, FF, 33, C0, 55, 68, CB, 41, 47, 00, 64, FF, 30, 64, 89, 20, BA, C0, 7C, 47, 00, B8, 01, 00, 00, 00, E8, 23, ED, F8, FF, A1, C0, 7C, 47, 00, BA, E0, 41, 47, 00, E8, 64, 0C, F9, FF, 75, 0A, E8, 95, E0, FF, FF, E8, F0, CC, FF, FF, A1, C0, 7C, 47, 00, BA, F4, 41, 47, 00, E8, 49, 0C, F9, FF, 75, 0A, E8, 3A, F1, FF, FF, E8, D5, CC, FF, FF, A1, C0, 7C, 47, 00, BA, 08, 42, 47, 00, E8, 2E, 0C, F9, FF, 75, 05, E8, 1B, FC, FF, FF, 33, C0, 5A, 59, 59, 64, 89... 
[+]

Entropy:

6.6356

Developed / compiled with:

Microsoft Visual C++

Code size:

461 KB (472,064 bytes)

Program Uninstaller

Program name:

Parental Control Toolbar

Uninstall string:

C:\Program Files (x86)\parentalcontrol\uninstall_load.exe -uninstall -prompt

The file uninstall_load.exe has been discovered within the following program.

Parental Control Toolbar by WRAAC.org

"When your child attempts to access a website the toolbar first checks if the site is self-labeled, compares this site label to your parental settings and determines whether to block or allow access.

www.parentalcontrolbar.org

53% remove it

Remove uninstall_load.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.