fdm.exe

Free Download Manager

FreeDownloadManager.ORG

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Free Download Manager’.

Publisher:
FreeDownloadManager.ORG

Product:
Free Download Manager

Version:
3.9.1294.0

MD5:
814eecc6a30496db764fd24945b83a67

SHA-1:
9d5b985e11ca15972ffa7c13adab782b86622dea

SHA-256:
1e3aaec55bd6449ce773623ce1af879baf14efa24c085aa95b3f7edff92eb750

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/29/2016 1:41:16 AM UTC  (nine months ago)

Scan engine:
Boost by Reason

Detection:
Optional.Startup.FreeDownloadManagerORG.D

Engine version:
188163

File size:
6.5 MB (6,864,896 bytes)

Product version:
3.9.2

Copyright:
Copyright © 2003-2013

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\free download manager\fdm.exe

File PE Metadata
Compilation timestamp:
1/30/2013 5:15:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:UPmSbpx/Q/m6JjLt4Sf+7ns+LuEIbyal333333313333333q3333333nDa:NOP/E7wQ+L9Da

Entry address:
0x3DBAF6

Entry point:
E8, 36, 40, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 10, 8B, C7, 83, E8, 00, 0F, 84, B7, 14, 00, 00, 48, 0F, 84, 9F, 14, 00, 00, 48, 0F, 84, 6C, 14, 00, 00, 48, 0F, 84, 21, 14, 00, 00, 48, 0F, 84, 99, 13, 00, 00, 8B, 4D, 0C, 8B, 45, 08, 53, 6A, 20, 5A, E9, 32, 04, 00, 00, 8B, 30, 3B, 31, 74, 74, 0F, B6, 30, 0F, B6, 19, 2B, F3, 74, 13, 33, DB, 85, F6, 0F, 9F, C3, 8D, 74, 1B, FF, 85, F6, 0F, 85, 2B, 04, 00, 00, 0F, B6, 70, 01, 0F, B6, 59, 01, 2B, F3, 74, 13, 33, DB, 85, F6, 0F, 9F, C3...
 

Entropy:
6.5783

Code size:
4.3 MB (4,456,448 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Free Download Manager

Command:
"C:\Program Files\free download manager\fdm.exe" -autorun


Windows Firewall Allowed Program
Name:
D:\Prog\Netz\FreeDownloadManager\fdm.exe


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to softbank126077239098.bbtec.net  (126.77.239.98:15225)

TCP:
Connects to ip134.net200.n37.ru  (109.60.200.134:9000)

TCP (HTTP):
Connects to esupport.com  (38.102.75.222:80)
