home

manycamwebinstaller.exe

ManyCam virtual Webcam

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The application manycamwebinstaller.exe, “ManyCam Virtual Webcam Web Installer” by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address server-54-230-202-180.fra50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyCam virtual Webcam

Description:
ManyCam Virtual Webcam Web Installer

Version:
1.0.0.8

MD5:
56d36ccdf4e59a2a8a892f2fa0d3e964

SHA-1:
a92ee24161011a3a8983087d5c7b1f8ef1c41fee

SHA-256:
31a7c8e79cfeb10d801ef575b76844499b2d7f8ff585c7642e3b008ca7fd6e01

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 6:36:47 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.VisicomMedia.T
14.5.20.13

File size:
238.6 KB (244,320 bytes)

Product version:
1.0.0.8

Copyright:
© 2006-2014 Visicom Media Inc.

Trademarks:
, All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\manycamwebinstaller.exe

Digital Signature
Signed by:
Visicom Media Inc.

Authority:
Thawte, Inc.

Valid from:
4/18/2012 2:00:00 AM

Valid to:
6/22/2014 1:59:59 AM

Subject:
CN=Visicom Media Inc., OU=SECURE APPLICATION DEVELOPMENT, O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2B19B54BB7ABEE1A2623111C029AF449

File PE Metadata
Compilation timestamp:
4/29/2014 3:50:43 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:P3BtrlGAfwtH2XDBym7BRhtOWUxVQM7TW+Nx4knGhFU3FU/MkkLG:P3BplytGBym7BRhtOWpM7TWbh636/Mkt

Entry address:
0x395A

Entry point:
E8, 95, 34, 00, 00, E9, 8B, FE, FF, FF, E9, 01, 16, 00, 00, 3B, 0D, 30, 31, 42, 00, 75, 02, F3, C3, E9, 8C, 17, 00, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, E8, 03, 2A, 00, 00, 8B, D0, 89, 56, 08, 8B, 4A, 6C, 89, 0E, 8B, 4A, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 34, 39, 42, 00, 74, 11, A1, F4, 39, 42, 00, 85, 42, 70, 75, 07, E8, B9, 3C, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 3C, 31, 42, 00, 74, 15, 8B, 4E, 08, A1, F4, 39, 42, 00, 85, 41, 70, 75, 08, E8, 1C, 40, 00, 00, 89, 46, 04, 8B...
 
[+]

Code size:
96 KB (98,304 bytes)

The file manycamwebinstaller.exe has been seen being distributed by the following 5 URLs.

&onid=2348&oid=3001-2348_4-10593500&rsid=cbsidownloadcomsite&sl=en&sc=us&pdguid=download:13729930&topicguid=chat-voip-email/webcam-video&topicbrcrm=windows software&pid=13729930&mfgid=6287609&merid=6287609&ctype=dm&cval=NONE&devicetype=desktop&pguid=080c33f7edb6cf4b33cccb07&viewguid=OO-bRC9psl@hFzBEW8nqqwFR11gLZJOLafKo&destUrl=http://software-files-a.cnet.com/s/software/13/72/99/.../ManyCamWebInstaller.exe

http://www.myfreesoft.ru/wp-content/.../ManyCamWebInstaller.exe

http://www.myfreesoft.ru/.../ManyCamWebInstaller.exe

http://download.forest.impress.co.jp/pub/library/m/manycam/.../ManyCamWebInstaller.exe

http://software-files-a.cnet.com/s/software/13/72/99/.../ManyCamWebInstaller.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to visicom-83.nationalnet.com  (69.50.129.56:443)

TCP (HTTP):
Connects to server-54-230-202-180.fra50.r.cloudfront.net  (54.230.202.180:80)

Remove manycamwebinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.