home

downloadmanager.exe

DownloadManager

OutBrowse LTD

Part of the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application downloadmanager.exe by OutBrowse has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
@   (signed by OutBrowse LTD)

Product:
DownloadManager

Description:
Manages Apps

Version:
1.0.0.1

MD5:
3ec19df8635155f751a18762af72162e

SHA-1:
01c57ed5d407797c047dac6ede4f0c6d349334e4

SHA-256:
667ebd79214aabdd6c7710dc60138cfcdce9dd2436c12e2e450ddaafed36ad8b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 9:33:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Outbrowse (M)
16.8.6.14

File size:
1.3 MB (1,315,896 bytes)

Product version:
1.0.0.1

Copyright:
(c). All rights reserved.

Original file name:
apps.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\downloadmanager.exe

Digital Signature
Signed by:
OutBrowse LTD

Authority:
Symantec Corporation

Valid from:
2/26/2013 1:00:00 AM

Valid to:
2/27/2014 12:59:59 AM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
10/16/2013 11:50:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:TlRGax5QKfqje+UeZP44gUNq7BZz01F8fuoF2jthPN0/rvr:TfGKCjWeJ8lO1efuoMjtFNcrD

Entry address:
0xE524F

Entry point:
E8, 2D, AD, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, CC, 40, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 2D, 9C, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 1D, 9C, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49...
 
[+]

Entropy:
6.3099

Code size:
1021 KB (1,045,504 bytes)

Remove downloadmanager.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.