installmanagerns.exe

File Downloader

The application installmanagerns.exe by File Downloader has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
File Downloader  (signed and verified)

MD5:
191ba420a78d090807e1da4c39c4a0c4

SHA-1:
d4319e489f30a271e5b625789c62591e0f7ecb94

SHA-256:
7d23c5037cd30be4cfe29445bffc876c2fc528932bb6217f167e48bfff5d601a

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/24/2024 4:23:37 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Downloader.Gen
7.11.218.214

AVG
AdLoad
2016.0.3165

Dr.Web
Threat.Undefined
9.0.1.05190

G Data
NSIS.Adware.InstallMonetizer
15.3.25

NANO AntiVirus
Trojan.Nsis.Downloader.djhpgw
0.30.8.659

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.FileDownloader
15.3.20.11

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15318

VIPRE Antivirus
Threat.4786532
38552

File size:
248.8 KB (254,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installmanagerns.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/10/2014 1:00:00 AM

Valid to:
9/11/2015 12:59:59 AM

Subject:
CN=File Downloader, OU=Weather Ping, O=File Downloader, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C4833E98E5E20FEC258194CE08B6826

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:xFJ06yQpiENHZXD7pJ59ECadigTZyt5q2pd5A8Ww4YY:dj5T7pBAdZybJd5A8PY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.8612

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove installmanagerns.exe - Powered by Reason Core Security