» manycamsetup.exe
Overview
Analysis
File Details
Downloads (6)

manycamsetup.exe

ManyCam Virtual Webcam

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application manycamsetup.exe by Visicom Media has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download3.manycam.com and multiple other hosts.

File name:

manycamsetup.exe

Publisher:

Visicom Media Inc. (signed and verified)

Product:

ManyCam Virtual Webcam

Version:

4.0.110.10

MD5:

f4962fdf37677f1ae2b902d613658033

SHA-1:

81f8b307e1b40efefb2287ed6ba14a8bb04e4aa2

SHA-256:

f8133f6dea19ee820a0e237dba9a866f20e5fd46aa19be764cfdc8c25ccbd62c

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 4:55:47 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Toolbar.272

9.0.1.0307

K7 AntiVirus

Unwanted-Program

13.185.13866

File size:

40.5 MB (42,501,864 bytes)

Product version:

4.0.110.10

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\manycamsetup.exe

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

Thawte, Inc.

Valid from:

5/7/2014 8:00:00 PM

Valid to:

6/20/2016 7:59:59 PM

Subject:

CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

786432:zSayCF+Hq+aW8NzXmMz7IOc1D7zuH07qL186iQijGYgSgDo4Iw56ITNWq9wF0wRW:zSHAW8d2Mz7O7iU4+6iQ2GYgu4IwFNWA

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file manycamsetup.exe has been seen being distributed by the following 6 URLs.

http://download3.manycam.com/ManyCamSetup_v4.0.110.exe

http://manycam.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flaeHppyfmp0=

http://filehippo.com/download/file/.../

http://manycam.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flaSLnqGkmp0=

http://download3.manycam.com/ManyCamSetup.exe

Remove manycamsetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.