winnetmng.exe

Window NetManager

Green Air Computing

The application winnetmng.exe has been detected as a potentially unwanted program by 9 anti-malware scanners. This file is typically installed with the program Window NetManager by Green Air Computing.
Publisher:
Green Air Computing

Product:
Window NetManager

Version:
2.9.1.1

MD5:
de08a271fb6831e4bb101e46c059ca4b

SHA-1:
8739d9f0a8dcc138ff84d57eb0bfd0fab3bcfa25

SHA-256:
4df4bb9452ae36214a8cd44064cc3dda98c0ba0ed156c2266f3b7f821499c6e0

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 1:43:07 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Graftor.245356 | 5719657
Arcabit | Trojan.Graftor.D3BE6C | 1.0.0.567
Bitdefender | Gen:Variant.Graftor.245356 | 1.0.20.1345
Emsisoft Anti-Malware | Gen:Variant.Graftor.245356 | 10.0.0.5366
ESET NOD32 | Win32/Yelloader.A potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Graftor.245356 | 5.14.151
G Data | Gen:Variant.Graftor.245356 | 15.9.25
MicroWorld eScan | Gen:Variant.Graftor.245356 | 16.0.0.807
Norman | Gen:Variant.Graftor.245356 | 03.12.2014 13:20:04

File size:
562 KB (575,488 bytes)

Product version:
2.9.1.1

Copyright:
Copyright (C) 2015

Original file name:
Window NetManager

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\winnetmng\winnetmng.exe

File PE Metadata
Compilation timestamp:
9/25/2015 12:51:38 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:VGP3nslczdc5AM2ctwVzCycGZtznqbE4fpFit/CJ:VLvAM2cSzFVxqbEAit

Entry address:
0x3849D


Entropy:
6.5758

Code size:
431.5 KB (441,856 bytes)

The file winnetmng.exe has been discovered within the following program.

Window NetManager by Green Air Computing
About 5% of users remove it

The executing file has been seen to make the following network communications in live environments.

