» netman.exe
Overview
Analysis
File Details
Network (30)

netman.exe

The application netman.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ip-172-20-20-20.ec2.internal on port 57443.

File name:

netman.exe

MD5:

6a0a5bd6e6aadc34f241b897897755d9

SHA-1:

9885f5b6a1f9b148b64c3e5b5dcd1aa4bcf94eee

SHA-256:

2c79cabae725404360aa78f24ac826aa46eff995c2ae878684a1e05f2bcb0a74

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 2:06:04 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.MintCast

16.2.22.0

File size:

1.7 MB (1,808,384 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\mintcast\addon\netman.exe

File PE Metadata

Compilation timestamp:

9/21/2015 12:05:45 AM

OS version:

6.0

OS bitness:

Win64

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

49152:mGtlqOZVwASOvqo0e/rlVfH1MreqRYueqw892Wu9f41AX+VPIU6ibkPg4:r95aRZmfEAr+bV

Entry address:

0xF7BAC

Entry point:

48, 83, EC, 28, E8, 5B, 07, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 74, F7, 00, 00, FF, 25, 76, F7, 00, 00, FF, 25, 78, F7, 00, 00, FF, 25, 7A, F7, 00, 00, FF, 25, 7C, F7, 00, 00, FF, 25, 7E, F7, 00, 00, FF, 25, 88, F7, 00, 00, FF, 25, 8A, F7, 00, 00, FF, 25, 8C, F7, 00, 00, FF, 25, 8E, F7, 00, 00, FF, 25, 90, F7, 00, 00, FF, 25, 9A, F7, 00, 00, FF, 25, 9C, F7, 00, 00, FF, 25, 9E, F7, 00, 00, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, FF, 15, 9D, F4, 00, 00, B9, 01, 00, 00, 00, 89, 05, B2, 4B... 
[+]

Code size:

1 MB (1,070,080 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-lht6.fbcdn.net (157.240.1.23:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-ord1.fbcdn.net (31.13.74.7:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-sit4.fbcdn.net (31.13.78.17:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-02-dft4.fbcdn.net (31.13.66.5:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-mrs1.fbcdn.net (31.13.75.12:443)

TCP (HTTP SSL):

Connects to edge-video-shv-01-sea1.fbcdn.net (31.13.76.109:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-kul1.facebook.com (31.13.67.36:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-02-dft4.facebook.com (31.13.66.36:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-02-lax3.fbcdn.net (157.240.11.22:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-sin6.fbcdn.net (157.240.7.26:443)

TCP (HTTP SSL):

Connects to jn-in-f139.1e100.net (209.85.234.139:443)

TCP (HTTP SSL):

Connects to jn-in-f136.1e100.net (209.85.234.136:443)

TCP (HTTP SSL):

Connects to jl-in-f102.1e100.net (209.85.200.102:443)

TCP (HTTP SSL):

Connects to edge-video-shv-01-sjc2.fbcdn.net (31.13.77.11:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-mrs1.facebook.com (31.13.75.8:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-lga3.facebook.com (31.13.71.1:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-kul1.facebook.com (31.13.67.1:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-iad3.facebook.com (31.13.69.197:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-sea1.facebook.com (31.13.76.68:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-mxp1.facebook.com (31.13.86.36:443)

Remove netman.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.