ManyDownloader.exe

ManyDownloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ManyDownloader.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyDownloader

Version:
1.5.1.155

MD5:
144d7c79a2ff561695ee89e51b8c1d6a

SHA-1:
76ceafd6aedb637b5fa457e1e99f4f606c0697ed

SHA-256:
9d64824e6acd78b6253c8ad66d14954974182d1711f621873da91ebe42c28aeb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 8:57:32 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ManyDownloader.VisicomMedia.O

Engine version:
14.12.15.10

File size:
25.7 MB (26,907,912 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 1996-2014 Visicom Media Inc.

Original file name:
ManyDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\visicom media\manydownloader\manydownloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/8/2014 12:00:00 AM

Valid to:
6/20/2016 11:59:59 PM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata
Compilation timestamp:
9/17/2014 4:01:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:A5DrnGBjLlEnOjYlqDuQgVk3PN3x7gTtL8ibkzEidC/BHA7yfk4tdoevUgr2rGRb:A4B/IEY9c7bYdtdooUgGa

Entry address:
0x12188D4

Entry point:
55, 8B, EC, 83, C4, EC, 53, 56, 33, C0, 89, 45, EC, B8, 0C, 25, 5E, 01, E8, E5, 72, DF, FE, 8B, 1D, 20, D6, 6E, 01, 8B, 35, E0, BA, 6E, 01, 33, C0, 55, 68, CF, 8A, 61, 01, 64, FF, 30, 64, 89, 20, E8, 96, F5, E3, FE, 83, C4, F8, DD, 1C, 24, 9B, 8B, C3, BA, EC, 8A, 61, 01, E8, A3, E7, F9, FF, E8, 16, 08, F1, FF, E8, 79, F5, E3, FE, 83, C4, F8, DD, 1C, 24, 9B, 8B, C3, BA, FC, 8A, 61, 01, E8, 86, E7, F9, FF, E8, ED, 03, F1, FF, 84, C0, 75, 05, E8, 14, 22, E8, FE, E8, 53, F5, E3, FE, 83, C4, F8, DD, 1C, 24, 9B...
Developed / compiled with:
Microsoft Visual C++

Code size:
18.1 MB (18,971,136 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-52-87-212-95.compute-1.amazonaws.com  (52.87.212.95:80)