ManyDownloader.exe

ManyDownloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ManyDownloader.exe by Visicom Media has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address 60-240-108-11.static.tpgi.com.au on port 21435.

Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyDownloader

Version:
2.0.1.333

MD5:
75989f159131c7c4db4245f6ad4a44f2

SHA-1:
397daef7e5c8293ae3642c0dd3fd04036eea5f0c

SHA-256:
474396d6e1b52e2a5a180dbe99b128b056f5ab15718689089b5caa131005fb14

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 8:47:12 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2017.0.2845
Bkav FE | W32.HfsAdware | 1.3.0.6979
Reason Heuristics | PUP.Visicom.VisicomMedia (M) | 16.2.2.18

File size:
26.9 MB (28,154,360 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 1996-2016 Visicom Media Inc.

Original file name:
ManyDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\manydownloader\manydownloader.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/8/2015 9:00:00 PM

Valid to:
2/8/2017 8:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
1/26/2016 4:29:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:2e2BhoSMZABAlyGC1m9TgilX5o/sty/XK4M0bSnEBVSocEJrtdSwamTr2rGWU:sBhoSM+BAPaXKDqnNtdSwamTG2

Entry address:
0x120A0DC

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, 24, 8D, 5C, 01, E8, B6, 68, E0, FE, 8B, 1D, BC, B1, 70, 01, 33, C0, 55, 68, E1, A1, 60, 01, 64, FF, 30, 64, 89, 20, E8, 69, BA, EE, FF, E8, CC, B6, EE, FF, 84, C0, 75, 05, E8, 57, 12, E9, FE, 8D, 45, EC, E8, B7, BE, F8, FF, 8B, 55, EC, A1, 60, 84, 70, 01, 8B, 00, 05, E4, 01, 00, 00, E8, 6B, 0D, E0, FE, 8B, 03, E8, 6C, 2A, 0B, FF, A1, 94, D4, 70, 01, 8B, 00, 8B, 90, 8C, 00, 00, 00, 8B, 03, E8, 7C, 24, 0B, FF, 8B, 03, B2, 01, E8, 97, 47, 0B, FF, 8B, 03, BA...

Developed / compiled with:
Microsoft Visual C++

Code size:
18 MB (18,912,256 bytes)

The executing file has been seen to make the following network communications in live environments.
