» datamngrui.exe.17424500
Overview
Analysis
File Details
Programs (1)

datamngrui.exe.17424500

Bandoo Media, Inc

The file datamngrui.exe.17424500 by Bandoo Media, Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Windows Savevid Toolbar by Bandoo Media Inc which is a potentially unwanted software program.

File name:

Publisher:

Bandoo Media, Inc (signed and verified)

MD5:

79eea9d965b88078f4f8d0a15622fffb

SHA-1:

f489008a0f0e6c280831474632ec83eabfa46f77

SHA-256:

7d43a0fc293883ee6d6cbb78b8f5e0e2768a4f4a6411b9af8d2a9d920515cf0f

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 11:22:03 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Bandoo

16.2.1.21

File size:

1.1 MB (1,115,536 bytes)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\datamngrui.exe.17424500

Digital Signature

Signed by:

Bandoo Media, Inc

Authority:

Thawte, Inc.

Valid from:

11/3/2010 8:00:00 AM

Valid to:

11/3/2012 7:59:59 AM

Subject:

CN="Bandoo Media, Inc", O="Bandoo Media, Inc", L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7AD02DB75E76EA8D8CF4A4D1C2591229

File PE Metadata

Compilation timestamp:

3/24/2011 8:35:18 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:PQ9S52Ntqyf1SegxmCZ2soIoqSR6W+Izfizt+et:PQ9S52NEuriZsTqSRkIzqzt+et

Entry address:

0x95FB8

Entry point:

E8, 60, B4, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, F2, F6, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 08, 2B, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, AB, CE, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, D1, 2A, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 74, CE, FF, FF, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8... 
[+]

Entropy:

6.4003

Code size:

743.5 KB (761,344 bytes)

The file datamngrui.exe.17424500 has been discovered within the following program.

Windows Savevid Toolbar by Bandoo Media Inc

This toolbar is typiclaly bundled with the installation of the free iLivid software. Windows iLivid Toolbar by Bandoo for Intenet Explorer collects and stores information about your web browsing habits in order to suggest services or provide advertising via the toolbar.

www.savevid.com

88% remove it

Remove datamngrui.exe.17424500 - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.