IDMan.exe

Internet Download Manager (IDM)

Tonec Inc.

The executable IDMan.exe has been detected as malware by 35 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key under the display name ‘IDMan’. This virus, which infects .exe files, stops various security software and prevents some core Windows utilities from running. It also tries to download other files from a remote server, including other malware.
Publisher:
Tonec Inc.

Product:
Internet Download Manager (IDM)

Version:
6, 25, 24, 2

MD5:
ebc0a4626adf6f4cf4fbfeccc3b35bfd

SHA-1:
2671cd11d7c8ad44249e27cfaa4dcf7528ecb86f

Scanner detections:
35 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
2/7/2026 8:00:01 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | -39 |
| AhnLab V3 Security | Win32/Kashu.E | 3.8.2.16 |
| Avira AntiVirus | W32/Sality.AT | 8.3.3.4 |
| Arcabit | Win32.Sality.3 | 1.0.0.792 |
| avast! | Win32:SaliCode | 2014.9-170315 |
| AVG | Win32/Sality | 2018.0.2439 |
| Baidu Antivirus | Win32.Virus.Sality | 4.0.3.17315 |
| Bitdefender | Win32.Sality.3 | 1.0.20.370 |
| Comodo Security | Virus.Win32.Sality.gen | 26357 |
| Dr.Web | Win32.Sector.30 | 9.0.1.074 |
| Emsisoft Anti-Malware | Win32.Sality | 8.17.03.15.04 |
| ESET NOD32 | Win32/Sality.NBA | 11.14681 |
| F-Prot | W32/Sality.gen2 | v6.4.7.1.166 |
| F-Secure | Win32.Sality.3 | 11.2017-15-03_4 |
| G Data | Win32.Sality | 17.3.25 |
| IKARUS anti.virus | Virus.Sality | 0.1.3.4 |
| K7 AntiVirus | Virus | 13.246.21929 |
| Kaspersky | Virus.Win32.Sality | 14.0.0.-1311 |
| McAfee | W32/Sality.gen.z | 5600.6095 |
| Microsoft Security Essentials | Virus:Win32/Sality.AT | 1.1.13303.0 |
| MicroWorld eScan | Win32.Sality.3 | 18.0.0.222 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 1.0.70.14475 |
| nProtect | Virus/W32.Sality.D | 16.12.29.01 |
| Panda Antivirus | W32/Sality.AA | 17.03.15.04 |
| Qihoo 360 Security | Virus.Win32.Sality.I | 1.0.0.1120 |
| Quick Heal | W32.Sality.U | 3.17.14.00 |
| Rising Antivirus | Virus.Sality!1.A09C (classic) | 23.00.65.17313 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.1.62.1 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.74 |
| Trend Micro | PE_SALITY.RL | 10.465.15 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.4 |
| VIPRE Antivirus | Virus.Win32.Sality.at | 54828 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.25 | 2.0.0.3165 |

File size:
3.8 MB (4,026,424 bytes)

Product version:
6, 25, 24, 2

Copyright:
Tonec Inc., Copyright © 1999 - 2016

Trademarks:
Internet Download Manager

Original file name:
IDMan.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\internet download manager\idman.exe

File PE Metadata
Compilation timestamp:
7/28/2016 6:08:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1D5A0F

Entry point:
8B, D8, F3, 52, 3C, 7E, 8D, 2D, AE, 41, 51, B2, 42, 8A, E4, 85, CE, 8A, FE, 8D, 05, 6A, 43, E1, 52, F3, 87, EA, 81, FE, FE, 34, 00, 00, F7, C5, D1, 3F, 71, 8C, 00, E5, 8D, 35, 48, 65, 9D, 32, F3, 85, EE, 81, C6, A0, 1E, 94, 7D, 8A, D9, 68, AD, 0A, 00, 00, C7, C5, D8, 35, 9C, 19, 8D, 15, 43, EF, C7, 74, 69, F6, EA, C7, 93, 2D, 5F, 81, FE, 4F, B0, 00, 00, 71, 09, C6, C5, 0C, 81, ED, 66, 1C, 0F, AF, 81, F7, 40, 04, 00, 00, 2D, B0, F8, 67, DE, F7, C5, A0, 13, 3F, 3F, 34, 3D, 8A, D6, 69, CF, 81, 93, 45, F2, 0F...
 

Entropy:
6.4930

Code size:
2.1 MB (2,211,840 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IDMan

Command:
C:\Program Files\internet download manager\idman.exe \onboot

