» IDMan.exe
Overview
Analysis
File Details
Behaviors (1)

IDMan.exe

Internet Download Manager (IDM)

Tonec Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘IDMan’.

File name:

IDMan.exe

Publisher:

Tonec Inc.

Product:

Internet Download Manager (IDM)

Version:

6, 18, 11, 2

MD5:

5743afb20fbb603bc6c7028f346528f3

SHA-1:

fe2b56a852e1e7975bdcfbd4cc48831b287f28b0

SHA-256:

ca0a5b5806415b058b79a8aefaaf688d8ef4659537fc096c8bd79c23c7363c0d

Scanner detections:

6 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

5/10/2025 5:22:18 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Trojan.Win32.Patched

4.0.3.14227

Bkav FE

W32.HfsAutoB

1.3.0.4613

Comodo Security

Heur.Suspicious

16649

Emsisoft Anti-Malware

Dropped:Generic.Malware.SLYBdb.FA271B0C

8.14.02.27.04

Trend Micro House Call

TROJ_GEN.F47V0917

7.2.58

ViRobot

Backdoor.Win32.A.Ceckno.3587664.A

2011.4.7.4223

File size:

3.7 MB (3,886,672 bytes)

Product version:

6, 18, 11, 2

Trademarks:

Internet Download Manager

Original file name:

IDMan.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\internet download manager\idman.exe

File PE Metadata

Compilation timestamp:

12/15/2013 12:21:50 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:RsLmzH4nxlZaI0puSKc1dNU4jPoDFb8TD:RsL4H4/ZOpETs

Entry address:

0x1B94FF

Entry point:

F6, D7, C6, C2, CE, 0F, CD, 81, FA, EE, 4A, 00, 00, 77, 0B, 2D, 2D, F8, 06, 40, 69, E8, 2A, DC, DD, FC, 81, C6, 7F, 99, 00, 00, 0F, BE, DF, 81, EE, B0, 02, 00, 00, 8D, 0D, 96, 17, 85, 7C, 78, 06, 69, D6, 05, E8, E7, 51, 8D, 15, EF, 8A, 8F, 66, 81, FD, A8, EF, 00, 00, 76, 0D, F6, D8, F6, D8, 0F, BF, DF, F7, C0, DE, 17, 27, A5, 8D, 2D, 79, 04, 00, 00, C7, C7, 03, 2E, 0B, 5F, 81, C5, 4F, 06, 00, 00, 30, C9, 81, F9, C8, A7, 00, 00, 70, 05, 86, EC, 0F, AF, FB, 86, EA, 0F, AF, C6, C6, C7, E5, F7, DF, 8D, 3D, 04... 
[+]

Entropy:

6.4800

Code size:

2 MB (2,088,960 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IDMan

Command:

C:\Program Files\internet download manager\idman.exe \onboot

Scan IDMan.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.