tiny_download_manager_7956.exe

The application tiny_download_manager_7956.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from secure.letigerfastcdn.com.
MD5:
a08a49c4acbdecc5b2753ea0bd5253be

SHA-1:
55be90cc0c0ae8efc4fb54f9435be29b36166032

SHA-256:
22ddc79cd2cb058d958ad4d46c5df39dd470ab400555f998be8511a36b0e3890

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/23/2024 12:29:58 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
NSIS:InstMonetizer-BC [PUP]
2014.9-160503

ESET NOD32
Win32/InstallMonetizer.AZ
10.10072

IKARUS anti.virus
AdWare.Win32.InstallMonetizer
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.InstallMonetizer
v2016.05.03.02

McAfee
Artemis!A08A49C4ACBD
5600.6411

NANO AntiVirus
Trojan.Nsis.OneInstaller.dbpzbw
0.28.0.60698

Reason Heuristics
PUP.InstallMonetizer.ET (M)
16.5.3.1

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.16501

Trend Micro House Call
TROJ_GEN.R047H06G914
7.2.124

VIPRE Antivirus
Trojan.Win32.Generic
31130

File size:
187.8 KB (192,348 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tiny_download_manager_7956.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:GuxkZuTXJk45XrK2lu+TE69PIaVk3KWYIRqhYPWtxMNDgj+a69pGgSDGhPah9:GSeQK2lFTblBVcqhYmMNDgj+awpWYO9

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file tiny_download_manager_7956.exe has been seen being distributed by the following URL.

Remove tiny_download_manager_7956.exe - Powered by Reason Core Security