home

idman.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from elarabawe.googlecode.com.
MD5:
27c8ce29ebae592dd9afe69ec0d56a68

SHA-1:
5e01bec24c3ac307ad9275f5a203a9ff7d4198f1

SHA-256:
d0784d60a752a3c0225d126ef251ee7f02ab7894f00e10611818bb46e6c1d5eb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 11:50:47 PM UTC  (a few moments ago)

File size:
2.8 MB (2,956,428 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\idman.exe

File PE Metadata
Compilation timestamp:
8/16/2009 1:05:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:WUaQegJWWvtfu+z2854TUkPcQlOEE7UKz6eOf6vHZ6NTGvCk7VpKWmXllj9:WUvVNjznuTUk0QvKz67eoNGvjhsWC/

Entry address:
0xA7D8

Entry point:
E8, 97, AC, E9, 98, AC, E9, 98, AB, E9, 99, AC, E8, 99, AC, E8, 99, AC, E9, 9A, AC, E9, 9A, AD, E9, 9A, AF, EA, 9B, AF, EB, 9B, AF, EB, 9B, AF, EB, 9B, B1, EC, 9C, B1, EB, 9C, B1, EB, 9D, B1, EA, 9D, B1, EA, 9D, B2, EC, 9E, B2, EC, 9E, B2, EB, 9E, B2, EC, 9E, B2, EB, 9E, B2, EC, 9E, B3, ED, 9F, B3, EC, 9F, B4, EB, 9F, B3, EB, 9E, B3, EC, 9E, B3, EB, 9F, B5, ED, A0, B4, EC, 9F, B4, EC, A0, B4, EC, A0, B4, EC, A0, B5, ED, A1, B5, ED, A1, B6, ED, A2, B6, ED, A1, B5, ED, A0, B7, EE, A2, B8, ED, A3, B6, EE, A3...
 
[+]

Entropy:
7.9962  (probably packed)

Code size:
66 KB (67,584 bytes)

The file idman.exe has been seen being distributed by the following URL.

http://elarabawe.googlecode.com/.../IDMAN.EXE

Scan idman.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.