bundle_networkmanager.exe

Chicago Blackhawks

Develop Invest GROUP, TOV

The application bundle_networkmanager.exe by Develop Invest GROUP, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.hrwrap.tech.
Publisher:
Chicago Blackhawks Ltd  (signed by Develop Invest GROUP, TOV)

Product:
Chicago Blackhawks

Description:
Philadelphia

Version:
3.6.12.2

MD5:
6ee47b14bc09654237cc285debc234f5

SHA-1:
916cd6ec05aa68f1bbb398fe28e94321dca92deb

SHA-256:
f55f1450cc349dfe9d18629b2a805066c9c649fa2467dca36fef2c08b1c94dd0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 6:13:42 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonetize.DevelopI (M)
16.4.28.1

File size:
344 KB (352,288 bytes)

Product version:
3.6.0.0

Original file name:
hawks.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bundle_networkmanager.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/16/2016 8:00:00 PM

Valid to:
4/17/2017 7:59:59 PM

Subject:
CN="Develop Invest GROUP, TOV", OU=IT, O="Develop Invest GROUP, TOV", STREET="vul. Katerynynska, 33", L=Odesa, S=Odeska, PostalCode=65000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D63C89BF3BE8D25145431EFD3FD9B18

File PE Metadata
Compilation timestamp:
4/22/2016 10:09:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:5eSCR/0CpH7GpJ7b1pku0L15wBEqWUyJjVIiUnYS7dQx+EzlG4GI:5CR/dH6zgfiK/jVNaQMEzVf

Entry address:
0x36BE

Entry point:
E8, 53, 27, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 50, 31, C0, 89, D8, EB, 03, EB, 00, B8, 90, 90, EB, 03, B8, 83, F8, 58, 81, EC, 28, 03, 00, 00, A3, A8, CF, 3A, 00, 89, 0D, A4, CF, 3A, 00, 89, 15, A0, CF, 3A, 00, 89, 1D, 9C, CF, 3A, 00, 89, 35, 98, CF, 3A, 00, 89, 3D, 94, CF, 3A, 00, 66, 8C, 15, C0, CF, 3A, 00, 66, 8C, 0D, B4, CF, 3A, 00, 66, 8C, 1D, 90, CF, 3A, 00, 66, 8C, 05, 8C, CF, 3A, 00, 66, 8C, 25, 88, CF, 3A, 00, 66, 8C, 2D, 84, CF, 3A, 00, 9C, 8F, 05, B8, CF, 3A, 00, 8B, 45, 00, A3, AC...
 
[+]

Entropy:
7.1862

Code size:
28.5 KB (29,184 bytes)

The file bundle_networkmanager.exe has been seen being distributed by the following URL.

Remove bundle_networkmanager.exe - Powered by Reason Core Security