manycamwebinstaller.exe

ManyCam Virtual Webcam

Visicom Media Inc.

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page settings. The application manycamwebinstaller.exe, “ManyCam Installer” by Visicom Media, has been detected as a potentially unwanted program by 4 anti-malware scanners. The file has been seen being downloaded from lb.cdn.m6web.fr and multiple other hosts. While running, it connects to the Internet address visicom-83.nationalnet.com on port 443.

Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyCam Virtual Webcam

Description:
ManyCam Installer

Version:
1.2.0.1

MD5:
21951f038156f15925f2c7119b7985dd

SHA-1:
88f9c909198a604489fef269ad500bc386d08c88

SHA-256:
cb1f6d8b7cb51eb9b145ccd3423d0ab02ea3db670d68503e7af7a7b58303cbef

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
5/8/2024 11:17:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.2929 |
| Bkav FE | W32.HfsAdware | 1.3.0.7383 |
| Dr.Web | Tool.InstallToolbar.174 | 9.0.1.0315 |
| Reason Heuristics | PUP.Visicom.MPE | 15.11.11.1.MPE |

File size:
289.5 KB (296,472 bytes)

Product version:
1.2.0.1

Copyright:
© 2006-2015 Visicom Media Inc.

Trademarks:
© 2006-2015 Visicom Media Inc, All Rights Reserved

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\manycamwebinstaller.exe

Digital Signature

Authority:
Symantec Corporation

Valid from:
2/9/2015 3:00:00 AM

Valid to:
2/9/2017 2:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata

Compilation timestamp:
7/14/2015 5:17:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:DV3b7w2xUjXTjnm7BRhtOW07TUcSu1Ax9W636u8:DVQPjR7l91luv8

Entry address:
0x6C46

Entry point:
E8, 62, 39, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 09, 00, 00, 3B, 0D, 10, E1, 42, 00, 75, 02, F3, C3, E9, 48, 14, 00, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 23, 2F, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 6C, E9, 42, 00, 74, 11, A1, 2C, EA, 42, 00, 85, 42, 70, 75, 07, E8, 61, 42, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 70, E1, 42, 00, 74, 15, 8B, 4E, 08, A1, 2C, EA, 42, 00, 85, 41, 70, 75, 08, E8, C4, 45, 00, 00, 89, 46, 04, 8B...
 
Entropy:
5.8598

Code size:
127.5 KB (130,560 bytes)

The file manycamwebinstaller.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 143 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to visicom-83.nationalnet.com  (69.50.129.56:443)

TCP (HTTP):
Connects to ec2-54-89-36-60.compute-1.amazonaws.com  (54.89.36.60:80)

TCP (HTTP):
Connects to porta181.google-cache.as28624.oops.net.br  (187.110.64.181:80)

TCP (HTTP SSL):
Connects to visicom-82.nationalnet.com  (69.50.129.55:443)
