vmntoolbox.exe

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application vmntoolbox.exe by Visicom Media has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from files.downloadnow.com.

Publisher:
Visicom Media Inc.  (signed and verified)

MD5:
a7692a873ce8c1767d425b729b663a25

SHA-1:
a9d89e89307156a8e099dafe3b0706139ab60dd5

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 2:51:09 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| F-Prot | W32/Adware.SRO | v6.4.7.1.166 |
| Panda Antivirus | Adware/WebSearch | 14.09.20.11 |
| Reason Heuristics | PUP.VisicomMedia.K | 14.9.20.23 |

File size:
1.9 MB (2,038,152 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/31/2006 1:00:00 AM

Valid to:
6/22/2007 12:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
46009F112341EB9E47AD9A71D868DC95

File PE Metadata
Compilation timestamp:
1/13/2007 6:26:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:xJga4pi4MCq586wnou+npG3dooljVD7Ej/5oH1Hs7Uzi9q/vH5GlnMgKBCcZy8sr:xJz14Evw/+ngKcdodoes8o5GlzKMi61

Entry address:
0x3132

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 40, 92, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, F0, 47, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, F8, FC, 41, 00, FF, 15, 58, 71, 40, 00, 68, 30, 92, 40, 00, 68, 40, 3F, 42, 00, E8, 28, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B4, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B0, 70, 40, 00, 68, 28, 92, 40, 00, 53, E8, 13...
 

Entropy:
7.9962

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file vmntoolbox.exe has been seen being distributed by the following URL.
