» visualdiscovery.exe
Overview
Analysis
File Details
Behaviors (1)
Network (81)

visualdiscovery.exe

VisualDiscovery.exe

Superfish Inc.

The application visualdiscovery.exe by Superfish has been detected as adware by 19 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “VisualDiscovery”. While running, it connects to the Internet address 123-125-232-198.static.unitasglobal.net on port 443.

File name:

visualdiscovery.exe

Publisher:

Superfish, Inc. (signed by Superfish Inc.)

Product:

VisualDiscovery.exe

Version:

2.2.9.3

MD5:

090506c596d1dd52ddfa70c22217b259

SHA-1:

99af9cfc7ab47f847103b5497b746407dc566963

SHA-256:

5c0b244ca49b193ace33417d2ea40fc9761daa91f1d32229d345205d591a0d83

Scanner detections:

19 / 68

Status:

Adware

Analysis date:

11/5/2024 10:08:45 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.PHZ

712

Avira AntiVirus

TR/Spy.ZBot.ams

7.11.168.254

avast!

Win32:Adware-gen [Adw]

2014.9-150223

AVG

Superfish.4d6

2016.0.3190

Bitdefender

Adware.Agent.PHZ

1.0.20.270

Dr.Web

Adware.Superfish.1

9.0.1.054

Emsisoft Anti-Malware

Adware.Agent.PHZ

8.15.02.23.12

ESET NOD32

Win32/Adware.SuperFish

9.11211

F-Secure

Adware.Agent.PHZ

11.2015-23-02_2

G Data

Adware.Agent.PHZ

15.2.25

IKARUS anti.virus

Trojan.Spy.ZBot

t3scan.1.7.5.0

K7 AntiVirus

Adware

13.197.15041

Malwarebytes

PUP.Optional.SuperFish

v2015.02.23.12

MicroWorld eScan

Adware.Agent.PHZ

16.0.0.162

Qihoo 360 Security

Win32/Trojan.Spy.ec5

1.0.0.1015

Reason Heuristics

PUP.Service.Superfish

15.3.1.9

Sophos

SuperFish

4.98

Trend Micro House Call

ADW_SUPERFISH

7.2.54

Trend Micro

ADW_SUPERFISH

10.465.23

File size:

1.3 MB (1,354,296 bytes)

Product version:

2.2.9.3

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\lenovo\visualdiscovery\visualdiscovery.exe

Digital Signature

Signed by:

Superfish Inc.

Authority:

Thawte, Inc.

Valid from:

7/28/2013 8:00:00 PM

Valid to:

7/27/2014 7:59:59 PM

Subject:

CN=Superfish Inc., O=Superfish Inc., L=Grandville, S=Michigan, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

3E32431476CFB3E1F90955B25396A6F4

File PE Metadata

Compilation timestamp:

6/21/2014 11:35:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

24576:cgezVaT9rWd9G8MuGqx0jpD2NMPaA5SN6Yw5CPZ4cUoKH+ugJ8EDL:cfATlWdauGqx0uoBCPdUoU8DL

Entry address:

0x359F

Entry point:

E8, E8, 3B, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 69, 0C, 00, 00, 8B, FF, 56, 6A, 01, 68, 68, 90, 41, 00, 8B, F1, E8, 23, 10, 00, 00, C7, 06, F4, 32, 41, 00, 8B, C6, 5E, C3, C7, 01, F4, 32, 41, 00, E9, 88, 10, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F4, 32, 41, 00, E8, 75, 10, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, F4, 0F, 00, 00, C7, 06, F4, 32, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B... 
[+]

Entropy:

7.9798 (probably packed)

Code size:

64.5 KB (66,048 bytes)

Service

Display name:

VisualDiscovery

Description:

VisualDiscovery Service

Type:

Win32OwnProcess

Depends on:

RPCSS

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to unknown.telstraglobal.net (210.176.156.35:80)

TCP (HTTP):

Connects to a23-49-28-168.deploy.static.akamaitechnologies.com (23.49.28.168:80)

TCP (HTTP):

Connects to usve252756.serverprofi24.net (209.126.98.209:80)

TCP (HTTP):

Connects to a23-35-214-194.deploy.static.akamaitechnologies.com (23.35.214.194:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-lhr3.facebook.com (31.13.90.36:443)

TCP (HTTP SSL):

Connects to a23-0-179-83.deploy.static.akamaitechnologies.com (23.0.179.83:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-fra3.fbcdn.net (31.13.93.7:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-amt2.fbcdn.net (31.13.64.21:443)

TCP:

Connects to tw142-static150.tw1.com (119.63.142.150:8989)

TCP (HTTP):

Connects to s-prd-umpxl-adcom-scd-blue-b.evip.aol.com (149.174.66.131:80)

TCP (HTTP SSL):

Connects to edge-z-1-p2-shv-01-amt2.facebook.com (31.13.64.41:443)

TCP (HTTP SSL):

Connects to edge-z-1-p2-shv-01-ams3.facebook.com (31.13.91.40:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-amt2.facebook.com (31.13.64.16:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-ams3.facebook.com (31.13.91.2:443)

TCP (HTTP SSL):

Connects to ec2-52-213-128-10.eu-west-1.compute.amazonaws.com (52.213.128.10:443)

TCP (HTTP SSL):

Connects to dh-in-f138.1e100.net (209.85.203.138:443)

TCP (HTTP):

Connects to a23-74-228-201.deploy.static.akamaitechnologies.com (23.74.228.201:80)

TCP (HTTP):

Connects to a23-74-219-99.deploy.static.akamaitechnologies.com (23.74.219.99:80)

TCP (HTTP):

Connects to a23-51-139-205.deploy.static.akamaitechnologies.com (23.51.139.205:80)

TCP (HTTP):

Connects to a23-35-213-109.deploy.static.akamaitechnologies.com (23.35.213.109:80)

Remove visualdiscovery.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.