installmanagerns.exe

File Downloader

The application installmanagerns.exe by File Downloader has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. It is also typically executed from the user's temporary directory.
Publisher:
File Downloader  (signed and verified)

MD5:
191ba420a78d090807e1da4c39c4a0c4

SHA-1:
d4319e489f30a271e5b625789c62591e0f7ecb94

SHA-256:
7d23c5037cd30be4cfe29445bffc876c2fc528932bb6217f167e48bfff5d601a

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/5/2024 11:40:23 AM UTC

Scan engine          Detection                         Engine version
Avira AntiVirus      APPL/Downloader.Gen               7.11.218.214
AVG                  AdLoad                            2016.0.3165
Dr.Web               Threat.Undefined                  9.0.1.05190
G Data               NSIS.Adware.InstallMonetizer      15.3.25
NANO AntiVirus       Trojan.Nsis.Downloader.djhpgw     0.30.8.659
Qihoo 360 Security   HEUR/QVM42.0.Malware.Gen          1.0.0.1015
Reason Heuristics    PUP.Installer.FileDownloader      15.3.20.11
Rising Antivirus     NS:PUF.SilenceInstaller!1.9DDF    23.00.65.15318
VIPRE Antivirus      Threat.4786532                    38552

File size:
248.8 KB (254,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installmanagerns.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/10/2014 1:00:00 AM

Valid to:
9/11/2015 12:59:59 AM

Subject:
CN=File Downloader, OU=Weather Ping, O=File Downloader, STREET=5655 Silver Creek Valley Road, L=San Jose, S=CA, PostalCode=95138, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C4833E98E5E20FEC258194CE08B6826

File PE Metadata
Compilation timestamp:
12/5/2009 10:52:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:xFJ06yQpiENHZXD7pJ59ECadigTZyt5q2pd5A8Ww4YY:dj5T7pBAdZybJd5A8PY

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, 1C, 45, 00, E8, F1, 2B, 00, 00, A3, 64, 1B, 45, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 37, 43, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, DB, 44, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, A0, 47, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8612

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
