ManyDownloader.exe

ManyDownloader

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application ManyDownloader.exe by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address tracker.janky.solutions on port 80 using the HTTP protocol.
Publisher:
Visicom Media Inc.  (signed and verified)

Product:
ManyDownloader

Version:
2.0.2.355

MD5:
cb35dc18d314b0775b3476611b0ff3ab

SHA-1:
82a92392581b3fac07e33d1017f17383b5076801

SHA-256:
54334a0e91b1932949a0ef008111be958f0cde06e5621820d867c1712226db34

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
8/19/2018 9:18:03 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom.VisicomM (M)

Engine version:
16.4.5.19

File size:
26.7 MB (27,945,464 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 1996-2016 Visicom Media Inc.

Original file name:
ManyDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\manydownloader\manydownloader.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/9/2015 7:00:00 AM

Valid to:
2/9/2017 6:59:59 AM

Subject:
CN=Visicom Media Inc., OU=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0F7022688814C950B353E71B8D1C1D84

File PE Metadata
Compilation timestamp:
3/23/2016 1:29:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:LeFxI3w5dZ+Ow6srWU+G45ZAFbVfYN3z15VUgtRJIywgAQfYOYOTTZcVbpNjMfhY:L8I3w5dAOwsIngayR1swNK9SpGJ

Entry address:
0x1241160

Entry point:
55, 8B, EC, 83, C4, EC, 53, 33, C0, 89, 45, EC, B8, 4C, E7, 5F, 01, E8, 32, F8, DC, FE, 8B, 1D, 1C, 22, 74, 01, 33, C0, 55, 68, 65, 12, 64, 01, 64, FF, 30, 64, 89, 20, E8, 5D, 8F, EE, FF, E8, C0, 8B, EE, FF, 84, C0, 75, 05, E8, 0F, 96, DC, FE, 8D, 45, EC, E8, BF, 83, F8, FF, 8B, 55, EC, A1, D4, F4, 73, 01, 8B, 00, 05, CC, 01, 00, 00, E8, E7, 9C, DC, FE, 8B, 03, E8, E4, BD, 07, FF, A1, F4, 44, 74, 01, 8B, 00, 8B, 90, 8C, 00, 00, 00, 8B, 03, E8, F4, B7, 07, FF, 8B, 03, B2, 01, E8, 0F, DB, 07, FF, 8B, 03, BA...

Entropy:
6.7862

Developed / compiled with:
Microsoft Visual C++

Code size:
18.3 MB (19,136,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tracker.janky.solutions  (5.196.95.20:80)

TCP:
Connects to pc-29-225-120-200.cm.vtr.net  (200.120.225.29:49833)

TCP (HTTP):
Connects to boieroom.org  (141.255.161.22:80)

TCP:
Connects to 102.147.96.66.static.eigbox.net  (66.96.147.102:6969)

Remove ManyDownloader.exe - Powered by Reason Core Security