visicom_antiphishing.exe

Anti-phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application visicom_antiphishing.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the local machine Run registry setting) under the name 'Anti-phishing Domain Advisor'. This file is typically installed with the program Anti-phishing Domain Advisor by Visicom Media Inc., which is a potentially unwanted software program.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
Anti-phishing Domain Advisor (Powered by Panda Security)

Version:
1, 0, 0, 0

MD5:
1cfbea211e49dd7de0b8877099436d36

SHA-1:
b20a610963f1ef70fba95c6a7f36604cfc3b08b2

SHA-256:
de6e696183fcfd349347f2acaad568b057d93aa5b4706e438c592104aa086da7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:58:35 AM UTC  (today)

Scan engine | Detection | Engine version
Boost by Reason | Optional.Startup.VisicomMedia.U | 188838
Reason Heuristics | PUP.Startup.VisicomMedia.U | 14.10.1.11

File size:
229.6 KB (235,072 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2013 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/18/2012 7:00:00 AM

Valid to:
6/22/2014 6:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
5/11/2013 3:26:26 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:JZhjw+JiXBzz3PGGO5oMdI1xK5871XEBkFaYr1TJxnBj5tqWMCpwkk8FvLtDnnXY:lkr1k5oMd8xKu1XhrZLQMwkBXY

Entry address:
0x12AD2

Entry point:
E8, D8, 7E, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C...
 

Code size:
129.5 KB (132,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Anti-phishing Domain Advisor

Command:
"C:\ProgramData\anti-phishing domain advisor\visicom_antiphishing.exe"


The file visicom_antiphishing.exe has been discovered within the following program.

Anti-phishing Domain Advisor  by Visicom Media Inc.
The Visicom Anti-phishing Domain Advisor Toolbar, powered by Panda Security, will analyze the current web sites you are visiting against a URL database and determine if the site is a potential phishing threat.
software.visicommedia.com/en/products/antiphishing
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to visicom-102.nationalnet.com  (69.50.130.33:80)

TCP (HTTP):
Connects to visicom-101.nationalnet.com  (69.50.130.31:80)
