tinydm.exe

Tiny download manager

M417 LTD.

The application tinydm.exe by M417 has been detected as adware by 3 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tiny download manager’. The file has been seen being downloaded from www.tinydm.com. While running, it connects to the Internet address www30.speedyshare.com on port 80 using the HTTP protocol.
Publisher:
http://www.tinydm.com/  (signed by M417 LTD.)

Product:
Tiny download manager

Version:
2.2.0.0

MD5:
df4bf0ce4ad9a64ef58b4f9556253806

SHA-1:
c450002d7d57bef6279e037489bad2f7e4f94125

SHA-256:
99b1893d12e651d739c01f0b02b40121e485aca7606094f8a26bd5bb20ef57a0

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
12/25/2024 4:08:30 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17450
Reason Heuristics | PUP.Startup.M417.G | 14.8.8.0
Trend Micro House Call | TROJ_GEN.F47V0821 | 7.2.351

File size:
282 KB (288,728 bytes)

Product version:
2.2

Copyright:
(c) 2013 All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\dm\tinydm.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
8/12/2013 5:14:35 AM

Valid to:
8/12/2015 2:35:02 PM

Subject:
E=INFO@M417LTD.NET, CN=M417 LTD., O=M417 LTD., L=London, S=Greater London, C=GB, Description=Q1G5XvtHln8BTB3V

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0AB5

File PE Metadata
Compilation timestamp:
6/3/2013 3:42:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:vP6kN8QsNBr2hs3eUuCddXO5tgofJmwqhXmva27Z8Mha80JrhZoSQthz:vP6s86SuedXO5tTqdmvXWOUhZoSQt1

Entry address:
0xBEC60

Entry point:
60, BE, 00, 00, 48, 00, 8D, BE, 00, 10, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 7F, CA, 0B, 00, 57, 83, C3, 04, 53, 68, 4F, EC, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
Code size:
256 KB (262,144 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Tiny download manager

Command:
"C:\users\{user}\appdata\local\dm\tinydm.exe" \m


The file tinydm.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www31.speedyshare.com  (207.244.73.42:80)

TCP (HTTP):
Connects to www30.speedyshare.com  (207.244.73.9:80)

TCP (HTTP):
Connects to www32.speedyshare.com  (207.244.73.52:80)
