visicom_antiphishing.exe

Anti-Phishing Domain Advisor

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application visicom_antiphishing.exe, “Visicom Media Anti-Phishing Domain Advisor (Powered by Panda Security)” by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Anti-phishing Domain Advisor’.
Publisher:
Visicom Media Inc. (Powered by Panda Security)  (signed by Visicom Media Inc.)

Product:
Anti-Phishing Domain Advisor

Description:
Visicom Media Anti-Phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 0, 128

MD5:
9ae92edc63a1be5769669ef26083d556

SHA-1:
0bea5433b15f354971922d21f302e08c894e3a1b

SHA-256:
d19e20a6e4525a78a5942c52391dad116d5f24d5f6e70946b3ac3e9b00888945

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/14/2024 3:18:13 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Visicom (M)
17.1.25.5

File size:
218.2 KB (223,400 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2010 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/23/2010 6:00:00 PM

Valid to:
6/21/2012 5:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
73C74D9445094BFD79759F7B9CAFD730

File PE Metadata
Compilation timestamp:
12/8/2010 9:53:43 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x12082

Entry point:
E8, D8, 7E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...
 
[+]

Entropy:
6.2318

Code size:
126.5 KB (129,536 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Anti-phishing Domain Advisor

Command:
"C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to visicom-102.nationalnet.com  (69.50.130.33:80)

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)

Remove visicom_antiphishing.exe - Powered by Reason Core Security