» datamngrui.exe
Overview
Analysis
File Details
Programs (1)

datamngrui.exe

Bandoo Media, Inc

The application datamngrui.exe by Bandoo Media, Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Windows Savevid Toolbar by Bandoo Media Inc which is a potentially unwanted software program.

File name:

datamngrui.exe

Publisher:

Bandoo Media, Inc (signed and verified)

MD5:

7235fe6ef835199de1c3a4f108222638

SHA-1:

2eadba3125a58f0aab9c99f338be9ad0be584933

SHA-256:

593ca64badfca21873a4301569bb8026aeb49eba3fb45513fa51aa87992d0392

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/27/2024 2:37:30 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Bandoo

16.2.5.11

File size:

2 MB (2,140,048 bytes)

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\x64\datamngrui.exe

Digital Signature

Signed by:

Bandoo Media, Inc

Authority:

Thawte, Inc.

Valid from:

11/3/2010 5:30:00 AM

Valid to:

11/3/2012 5:29:59 AM

Subject:

CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7AD02DB75E76EA8D8CF4A4D1C2591229

File PE Metadata

Compilation timestamp:

6/2/2011 2:04:29 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

49152:Lm/hBWi1fQNgRgPf49OAdii/1kqA3qcdQvD4X:SLDiX

Entry address:

0x134810

Entry point:

48, 83, EC, 28, E8, C7, C3, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 57, 48, 83, EC, 50, 48, 8B, F1, 48, 8B, FA, 48, 8D, 48, D8, 49, 8B, D0, E8, 0E, F6, FF, FF, 33, ED, 48, 3B, F5, 75, 3C, E8, BA, 35, 00, 00, 45, 33, C9, 45, 33, C0, 33, D2, 33, C9, 48, 89, 6C, 24, 20, C7, 00, 16, 00, 00, 00, E8, C4, E2, FF, FF, 40, 38, 6C, 24, 48, 74, 0C, 48, 8B, 44, 24, 40, 83, A0, C8, 00, 00, 00, FD, B8, FF, FF, FF, 7F, E9, 93, 00, 00, 00, 48, 3B, FD... 
[+]

Entropy:

6.3459

Code size:

1.4 MB (1,456,640 bytes)

The file datamngrui.exe has been discovered within the following program.

Windows Savevid Toolbar by Bandoo Media Inc

This toolbar is typiclaly bundled with the installation of the free iLivid software. Windows iLivid Toolbar by Bandoo for Intenet Explorer collects and stores information about your web browsing habits in order to suggest services or provide advertising via the toolbar.

www.savevid.com

88% remove it

Remove datamngrui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.