vbmz.exe

Visual Software Systems LTD

The application vbmz.exe by Visual Software Systems has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Once installed, it will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
Visual Software Systems LTD (signed and verified)

MD5:
b7dba43bbb52f134dc087de56765adfe

SHA-1:
96fae8df7ee6d50c2b7c6f2cbe1f38d209d31ccd

SHA-256:
ea5a696718e660917c75a253922757311169ba11e9a6f055ac830f8efca89117

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/25/2024 1:35:54 AM UTC

Scan engine         Detection                                           Engine version
Agnitum Outpost     PUA.Toolbar.Babylon                                 7.1.1
AVG                 Toolbar                                             2016.0.3025
Baidu Antivirus     Adware.Win32.Bbylon                                 4.0.3.1586
Bkav FE             W32.HfsAdware                                       1.3.0.6979
Dr.Web              Adware.Babylon.15                                   9.0.1.0218
ESET NOD32          Win32/Toolbar.Babylon potentially unwanted          9.11892
Fortinet FortiGate  W32/Toolbar.BABYLON                                 8/6/2015
McAfee              Artemis!B7DBA43BBB52                                5600.6681
Reason Heuristics   Win32.Generic.VisualSoftwareSystems.Installer.Meta  15.8.6.17

File size:
934.1 KB (956,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\vbmz.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/6/2012 7:00:00 PM

Valid to:
10/17/2012 6:59:59 PM

Subject:
CN=Visual Software Systems LTD, O=Visual Software Systems LTD, L=Tel-Aviv, S=Tel-Aviv, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4B7CEA5C5E19A751EAC2DB7A32D00AAE

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:ets/wwNy/nNpP7n9l2RmSF4G78AvCtZ8q2voaxtoNp7Rv9VQqUE9T:c/NtAteGLhq2waPG9l2A9T

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
Entropy:
7.9919

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
