tinydm.exe

Tiny download manager

M417 LTD.

The application tinydm.exe by M417 has been detected as adware by 2 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tiny download manager’. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.tinydm.com. While running, it connects to the Internet address www31.speedyshare.com on port 80 using the HTTP protocol.
Publisher:
http://www.tinydm.com/  (signed by M417 LTD.)

Product:
Tiny download manager

Version:
2.3.0.0

MD5:
ee3802fb8e597d3436c3054599b617bd

SHA-1:
fb83d4dcc038db70201abc94ef5b47617ff2e422

SHA-256:
f61a2f722080307b065de6bab956cd2a0611c8acddc1889c764738f311a8d417

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
12/25/2024 3:40:37 PM UTC

Scan engine          Detection                 Engine version
Panda Antivirus      Trj/InstallMonetizer.A    14.08.16.01
Reason Heuristics    PUP.M417.G                14.8.16.13

File size:
283 KB (289,752 bytes)

Product version:
2.3

Copyright:
(c) 2013 All rights reserved

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\dm\tinydm.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
8/12/2013 9:14:35 AM

Valid to:
8/12/2015 6:35:02 PM

Subject:
E=INFO@M417LTD.NET, CN=M417 LTD., O=M417 LTD., L=London, S=Greater London, C=GB, Description=Q1G5XvtHln8BTB3V

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
0AB5

File PE Metadata
Compilation timestamp:
8/15/2014 8:40:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:A6p1l8m71gYn2/yBomUpH2sasPZ2qsttGSwCm/oVdl+H4lEEoSLdMK:A0WMj0yE52qsfGSyQVWYlEEoSLdn

Entry address:
0xBF0F0

Entry point:
60, BE, 00, 00, 48, 00, 8D, BE, 00, 10, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, A7, DA, 0B, 00, 57, 83, C3, 04, 53, 68, E1, F0, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
256 KB (262,144 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Tiny download manager

Command:
"C:\users\{user}\appdata\local\dm\tinydm.exe" \m


The file tinydm.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www32.speedyshare.com  (207.244.73.52:80)

TCP (HTTP):
Connects to www31.speedyshare.com  (207.244.73.42:80)
