home

manycamsetup.exe

ManyCam Virtual Webcam

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application manycamsetup.exe by Visicom Media has been detected as a potentially unwanted program by 0 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from manycam.th.softonic.com and multiple other hosts.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyCam Virtual Webcam

Version:
4.0.109.0

MD5:
ed66838be6935d3c94729015c1c831d2

SHA-1:
fbe88d160a8a17d9c6f5ea7e5dcf639ff9efbc1b

SHA-256:
f168122f3fa7fa23d07919959b72e3881a883b9c6c940938474ad3431b5970e3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 6:55:57 PM UTC  (today)

File size:
39.3 MB (41,184,136 bytes)

Product version:
4.0.109.0

Copyright:
(c) 2006-2014 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Thawte, Inc.

Valid from:
5/8/2014 1:00:00 AM

Valid to:
6/21/2016 12:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
266F9E30991B0C3EFC03DA9B8CDDB68D

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
786432:ZNMX7QMoPzepn2/NuS9KGjoMMHW04MUvrMHFnXQ+i28LqKpEF11Wbe:ZyXknPSp2TVHM2ZMUvrMlXQ+L8f2We

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file manycamsetup.exe has been seen being distributed by the following 3 URLs.

http://manycam.th.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-flaCOopykkpo=

http://global-shared-files-l3.softonic.com/fbe/88d/.../file?nvb=20140916163808&nva=20140917043908&token=0d862fe89f46b5ac7a21c&id_file=61447&channel=WEB&instance=softonic_en&type=PROGRAM&fdh=yes&SD_used=0&filename=ManyCamSetup_4-0-109.exe

http://download3.manycam.com/ManyCamSetup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-34-192-149-111.compute-1.amazonaws.com  (34.192.149.111:80)

TCP (HTTP):
Connects to ec2-54-89-36-60.compute-1.amazonaws.com  (54.89.36.60:80)

Remove manycamsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.