ManyDownloader.exe

ManyDownloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application ManyDownloader.exe by Visicom Media has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address checkip-ams.dyndns.com on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyDownloader

Version:
1.6.4.202

MD5:
8348994f722d3d83b5e505a8a5e68362

SHA-1:
8a569f02dce72b6bfe28bba47bafb9ccba6f7713

SHA-256:
8fa457d21660fae48384c73dc6f4a107820e948e40af00962a27d93e183f3b6f

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 8:52:39 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3104 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Tool.InstallToolbar.174 | 9.0.1.0140 |
| Reason Heuristics | PUP.Visicom.ManyDownloader | 15.5.20.1 |

File size:
27.5 MB (28,850,712 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 1996-2014 Visicom Media Inc.

Original file name:
ManyDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\visicom media\manydownloader\manydownloader.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/8/2015 10:00:00 PM

Valid to:
2/8/2017 9:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
2/19/2015 4:10:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:HvVKvURBcGrs7WZ2vVwUPYSZMmlbEFBo9Bn7e987k8Gsy4jzcX0GJqGUVvtdDSA8:9KvURa6DKAPFa9WPktdjG

Entry address:
0x136C5D4

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, B8, 18, 73, 01, E8, CE, 3B, CA, FE, 8B, 1D, 24, B1, 86, 01, 33, C0, 55, 68, B2, C6, 76, 01, 64, FF, 30, 64, 89, 20, E8, E9, 5E, EF, FF, E8, 00, 5B, EF, FF, 84, C0, 75, 05, E8, 53, 11, D3, FE, 8D, 45, EC, E8, CB, 29, F9, FF, 8B, 55, EC, A1, AC, 84, 86, 01, 8B, 00, 05, E4, 01, 00, 00, E8, 13, E4, C9, FE, 8B, 03, E8, 98, B4, F6, FE, 8B, 03, B2, 01, E8, D7, D1, F6, FE, 8B, 03, BA, CC, C6, 76, 01, E8, B3, AE, F6, FE, 8B, 0D, 48, 9E, 86, 01, 8B, 03, 8B, 15, C8...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
19.4 MB (20,361,216 bytes)

The executing file has been seen to make the following network communications in live environments.

