datamngrui.exe

Bandoo Media, Inc

The application datamngrui.exe by Bandoo Media, Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DATAMNGR’. Additionally, the file is typically installed by a number of programs including Searchqu Toolbar by Bandoo Media Inc and Windows Searchqu Toolbar by Bandoo Media Inc, both potentially unwanted software.
Publisher:
Bandoo Media, Inc  (signed and verified)

MD5:
e67aa2cfaf3bacf0f7bb6918ce404aa6

SHA-1:
88477e578dc4175b3f591514d68bff2b6fa25fab

SHA-256:
e18685f9ebd23e9454c17e65426fcccc4d143d31834604b71fa506a2066d45df

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 12:46:47 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BandooToolbar (M)

Engine version:
16.12.6.5

File size:
1.7 MB (1,825,720 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\searchqu toolbar\datamngr\datamngrui.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
11/2/2010 8:00:00 PM

Valid to:
11/2/2012 7:59:59 PM

Subject:
CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7AD02DB75E76EA8D8CF4A4D1C2591229

File PE Metadata
Compilation timestamp:
7/8/2012 11:05:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:b34yKGu1vqXASVHVqZvtgRYklvLC4/C9pBe3/2fDEfUtMJGtx:U30XAIHVqzeC03ufDEMtMJGtx

Entry address:
0xE2266

Entry point:
E8, F1, B6, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, A1, B9, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, 94, 13, 56, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 94, 13, 56, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF...
 

Entropy:
6.1951

Code size:
1.1 MB (1,177,600 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DATAMNGR

Command:
C:\Program Files2\search~1\datamngr\datamn~1.exe


The file datamngrui.exe has been discovered within the following programs.

Searchqu Toolbar  by Bandoo Media Inc
The Searchqu Toolbar is a Bandoo powered toolbar (by Bandoo Media Inc) for Internet Explorer and Firefox.
searchqu.com
83% remove it
Windows Searchqu Toolbar  by Bandoo Media Inc
Windows Searchqu Toolbar is an ad-supported program installed into Internet Explorer, Firefox and Chrome.
www.searchqu.com
88% remove it
 
Powered by Should I Remove It?
