verizontb_6.0.0.33.exe

Verizon Toolbar

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application verizontb_6.0.0.33.exe, “Verizon Toolbar Installer” by Visicom Media has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from www.verizon.com and multiple other hosts.
Publisher:
Verizon and Visicom Media Inc.  (signed by Visicom Media Inc.)

Product:
Verizon Toolbar

Description:
Verizon Toolbar Installer

Version:
6.0

MD5:
78429b8ccc59d19c73ea5c4b1dd8be29

SHA-1:
24df54be94c3465098a0735a7469f67e97063698

SHA-256:
a34efc4c8c9275b4ed6e5b3a249e7765f61901d54c31113872f3d740135ad26f

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
The setup program may install a variant of the Visicom Toolbar, a web browser extension that may modify the browser's home and search pages.

Analysis date:
11/17/2024 9:38:48 AM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Adware.VerizonToolbarInstaller.VisicomMedia.P
2013.7.22.1

ESET NOD32
Win32/Toolbar.Visicom (variant)
7.9279

Reason Heuristics
PUP.VerizonToolbarInstaller.VisicomMedia.P
14.8.7.19

File size:
1 MB (1,090,400 bytes)

Product version:
6.0.0.33

Copyright:
© Visicom Media Inc. (License)

Trademarks:
Verizon and Visicom Media Inc., All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\verizontb_6.0.0.33.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/23/2010 8:00:00 PM

Valid to:
6/21/2012 7:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:qkPE3bH1NexCl0s7QavMvXP0mTjPgiuyxl0Ti5wmGgwtbYRzgJO:VELVNew3REvX3jzluaiSRz7

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.9824  (probably packed)

Code size:
23 KB (23,552 bytes)

The file verizontb_6.0.0.33.exe has been seen being distributed by the following 4 URLs.

http://www.verizon.com/foryourhome/myaccount/unprotected/toolbar/.../verizonTb_6.0.0.33.exe

Remove verizontb_6.0.0.33.exe - Powered by Reason Core Security