» powermgr.exe
Overview
Analysis
File Details
Behaviors (1)

powermgr.exe

Windows power management

Nanjing Aodimu Tech Co.,Ltd

The application powermgr.exe by Nanjing Aodimu Tech Co.,Ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

powermgr.exe

Publisher:

MicroTools (signed by Nanjing Aodimu Tech Co.,Ltd)

Product:

Windows power management

Version:

1.3.6.2

MD5:

60a77793befdc85d0df039c85412ea5a

SHA-1:

3413544872963757f955b84a44c4ba81ee8cb21a

SHA-256:

f613ddf368f91c5cde8de3fab4fc999fbfa4f095029ae51167f70da9213484d5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

1/4/2025 10:25:52 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.JiangsuCN (M)

16.8.20.20

File size:

3.4 MB (3,548,792 bytes)

Product version:

1.3.6.2

MicroTools

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\youtube downloader services\p1\powermgr.exe

Digital Signature

Signed by:

Nanjing Aodimu Tech Co.,Ltd

Authority:

GlobalSign nv-sa

Valid from:

10/17/2014 10:26:07 AM

Valid to:

10/17/2016 10:26:07 AM

Subject:

CN="Nanjing Aodimu Tech Co.,Ltd", OU=Software, O="Nanjing Aodimu Tech Co.,Ltd", L=Nanjing, S=Jiangsu, C=CN

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121E136B5D663F4BB8678C1EB6FFCC47B11

File PE Metadata

Compilation timestamp:

10/31/2014 10:11:50 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:yKpJkDicdCSS7uIiIoQDxw1j2UQTKSD1k+5LOXoFXhA0mQZNoXg:yCiDLIhuE1k+5LOIqQNcg

Entry address:

0x2595DC

Entry point:

55, 8B, EC, 83, C4, F0, B8, 18, D1, 64, 00, E8, 14, 2C, DB, FF, 33, C0, 55, 68, 5B, 96, 65, 00, 64, FF, 30, 64, 89, 20, E8, D5, B6, DA, FF, 83, F8, 02, 7C, 49, A1, 7C, 2C, 66, 00, 8B, 00, E8, 40, 6B, EC, FF, A1, 7C, 2C, 66, 00, 8B, 00, C6, 40, 5F, 00, A1, 7C, 2C, 66, 00, 8B, 00, 33, D2, E8, 47, 88, EC, FF, 8B, 0D, 98, 29, 66, 00, A1, 7C, 2C, 66, 00, 8B, 00, 8B, 15, 80, BE, 64, 00, E8, 27, 6B, EC, FF, A1, 7C, 2C, 66, 00, 8B, 00, E8, 7F, 6C, EC, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 62, 96, 65, 00, C3, E9... 
[+]

Entropy:

6.5432

Developed / compiled with:

Microsoft Visual C++

Code size:

2.3 MB (2,457,088 bytes)

Windows Firewall Allowed Program

Name:

windows power manger

Remove powermgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.