home

manydownloader32.free.exe

ManyDownloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application manydownloader32.free.exe by Visicom Media has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.manydownloader.com and multiple other hosts.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyDownloader

Version:
1.5.3.1

MD5:
6cbc1502d492feb5140ff3102fcff84e

SHA-1:
8d2059743a9d3bb3582d00f8ec785e3d2a47a2f7

SHA-256:
99a717fc8adfb77e8f6990003936945201c0b8788de33168e23ef5ec2e79bdb0

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 12:38:10 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Visicom
7.1.1

AVG
Generic
2016.0.2955

Bkav FE
W32.HfsAdware
1.3.0.7237

Dr.Web
Tool.InstallToolbar.174
9.0.1.0289

ESET NOD32
Win32/Toolbar.Visicom.E potentially unwanted (variant)
9.12370

Fortinet FortiGate
Riskware/Visicom
10/16/2015

McAfee
Artemis!6CBC1502D492
5600.6611

Reason Heuristics
PUP.Visicom.VisicomMedia (M)
15.10.16.10

VIPRE Antivirus
Trojan.Win32.Generic
44358

File size:
18.4 MB (19,260,440 bytes)

Product version:
1.6.4.204

Copyright:
Copyright © 1996-2015 Visicom Media Inc.

Trademarks:
ManyDownloader is a trademark of Visicom Media

Original file name:
ManyDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\manydownloader32.free.exe

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Symantec Corporation

Valid from:
2/8/2015 10:00:00 PM

Valid to:
2/8/2017 9:59:59 PM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
7/14/2015 11:17:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
393216:gj8LTpVsYh0IW+xAfJFQfbns9lW/OSDKDOPVSACS78oGwPu7cs9CsR:gj8DvhifQTns9lqOS6D6wwPq5C

Entry address:
0x6C46

Entry point:
E8, 62, 39, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 09, 00, 00, 3B, 0D, 10, E1, 42, 00, 75, 02, F3, C3, E9, 48, 14, 00, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 23, 2F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, E9, 42, 00, 74, 11, A1, 2C, EA, 42, 00, 85, 42, 70, 75, 07, E8, 61, 42, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 70, E1, 42, 00, 74, 15, 8B, 4E, 08, A1, 2C, EA, 42, 00, 85, 41, 70, 75, 08, E8, C4, 45, 00, 00, 89, 46, 04, 8B...
 
[+]

Code size:
127.5 KB (130,560 bytes)

The file manydownloader32.free.exe has been seen being distributed by the following 2 URLs.

https://www.manydownloader.com/.../32

ftp://ftp.torrentdownloader.com/.../ManyDownloader32.FREE.exe

Remove manydownloader32.free.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.