IDMan.exe

Internet Download Manager (IDM)

Tonec Inc.

The application IDMan.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate bitcoins for cybercriminals' use, and it consumes computing power.
Publisher:
Tonec Inc.

Product:
Internet Download Manager (IDM)

Version:
6, 16, 3, 3

MD5:
9c7e85736c5ac23351c4ecb284b8c448

SHA-1:
f015b3c3ed97a372492dae7e66350cc46e7c05bc

SHA-256:
494a0e1c543f1bbf1aaaf750adfbae748d73f8a31eaaa10f1cc74758c6320aee

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
The program will mine for bitcoins in the background using the computer's GPU, and it may be installed and run without the user's knowledge.

Analysis date:
11/3/2025 2:39:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.BitCoinMiner | 7.1.1 |
| Avira AntiVirus | TR/BitCoinMinerCA.A.10 | 7.11.123.202 |
| avast! | Win32:BitCoinMiner-FA [PUP] | 2014.9-140109 |
| Baidu Antivirus | Trojan.Win32.BitCoinMiner | 4.0.3.131225 |
| Comodo Security | UnclassifiedMalware | 17565 |
| ESET NOD32 | Win32/BitCoinMiner.AX (variant) | 7.9257 |
| Fortinet FortiGate | Riskware/PUP_x | 12/25/2013 |
| IKARUS anti.virus | Trojan.Win32.Agent | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.175.10750 |
| McAfee | RDN/Generic PUP.x!bc3 | 5600.7270 |
| Norman | Suspicious_Gen4.EGNAW | 11.20131225 |
| Panda Antivirus | Generic Malware | 13.12.25.04 |
| Sophos | Generic PUA PA | 4.96 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PGT13 | 7.2.359 |
| Trend Micro | TROJ_GEN.R0CBC0PGT13 | 10.465.25 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25158 |

File size:
208.5 KB (213,504 bytes)

Product version:
6, 16, 3, 3

Copyright:
Tonec Inc., Copyright © 1999 - 2013

Trademarks:
Internet Download Manager

Original file name:
IDMan.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\adobe\flash player\speedcache\idman.exe

File PE Metadata
Compilation timestamp:
6/20/2013 10:09:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.23

CTPH (ssdeep):
3072:HMRMqTjh7gYZFTbAybYKuLD4dQGuPwccJ++uhcX8r:bq57PZFTbZbNyGuPbcJmhcX8

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, D4, 32, 43, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, D4, 32, 43, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 04, 33, 43, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, EC, 32, 43, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, C0, 42, 00, E8, C2, 85, 02, 00, 52, 85, C0, 74, 65, C7, 44, 24, 04, 13, C0, 42, 00, 89...
 

Code size:
164.5 KB (168,448 bytes)
