downloadmanager.exe

DownloadManager

OutBrowse LTD

This file is part of the OutBrowse RevenYou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application downloadmanager.exe by OutBrowse has been detected as adware by 8 anti-malware scanners. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities, and other PUPs. It is also typically executed from the user's temporary directory.
Publisher:
@   (signed by OutBrowse LTD)

Product:
DownloadManager

Description:
Manages Apps

Version:
1.0.0.1

MD5:
215dca98077348852064bb9641fc3ec3

SHA-1:
3e9a572251d04f246c56b41cf0c9822920ed1176

SHA-256:
6ab145cbc7656af0a68d6d35c80e256635bd9a7e97c80308a404c9d86aa9277e

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/24/2024 5:54:54 AM UTC

Scan engine
Detection
Engine version

AVG
MalSign.Generic
2016.0.3158

ESET NOD32
Win32/OutBrowse (variant)
9.9698

Malwarebytes
PUP.Optional.OutBrowse
v2015.03.27.10

Reason Heuristics
PUP.Outbrowse
15.3.27.11

Trend Micro House Call
TROJ_GEN.F47V0403
7.2.86

File size:
1.3 MB (1,315,896 bytes)

Product version:
1.0.0.1

Copyright:
(c). All rights reserved.

Original file name:
apps.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\downloadmanager.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/25/2013 7:00:00 PM

Valid to:
2/26/2014 6:59:59 PM

Subject:
CN=OutBrowse LTD, O=OutBrowse LTD, L=Ramat Gan, S=Ramat Gan, C=IL, SERIALNUMBER=514686914, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IL

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06C1C2AE3E180ADDA27BBF2BD8EAC0E7

File PE Metadata
Compilation timestamp:
10/20/2013 8:52:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:y1RGux5QOnqTOekqZP4lgUuerB5zVBlMuuFa2YBr/hjXH+:y7GOqT2qJE1XBOuuF3YBrhXe

Entry address:
0xE524F

Entry point:
E8, 2D, AD, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, CC, 40, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 2D, 9C, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 1D, 9C, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49...

Entropy:
6.3100

Code size:
1021 KB (1,045,504 bytes)
