home

the wedownload manager-bg.exe

The weDownload Manager

weDownload

The application the wedownload manager-bg.exe, “The weDownload Manager exe” has been detected as adware by 8 anti-malware scanners. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. While running, it connects to the Internet address ip-50-63-202-52.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
weDownload

Product:
The weDownload Manager

Description:
The weDownload Manager exe

Version:
1000.1000.1000.1000

MD5:
cb01b71ac0020a8c19320b02b8a750a0

SHA-1:
684a2c0188c6282f7497d6dd8dd5f0f38312ccfc

SHA-256:
34de74c741b94779aa5a45b3854c137cbc4737f7ca1a6ef88c1d17eb89c86541

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 3:57:19 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14315

ESET NOD32
Win32/Toolbar.CrossRider.AA (variant)
8.9533

herdProtect (fuzzy)
variant of video-for-pc-1.2-bg.exe (Adware)
2014.4.25.7

Malwarebytes
PUP.Optional.weDownload.A
v2014.03.15.07

Reason Heuristics
PUP.Crossrider.weDownload.Z
14.3.15.19

Sophos
weDownload Manager
4.98

Trend Micro House Call
TROJ_GEN.F47V0304
7.2.74

VIPRE Antivirus
Crossrider
27040

File size:
516.5 KB (528,896 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
The weDownload Manager.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\the wedownload manager\the wedownload manager-bg.exe

File PE Metadata
Compilation timestamp:
3/2/2014 2:07:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:3bK+KFjPKK61B1wzYw4MjBtJ4619TQTfq:+FqGzLZLbT

Entry address:
0x4631D

Entry point:
E8, 6D, B1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, B9, 47, 00, E8, 6D, 01, 00, 00, E8, 0A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 00, B1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A2, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.4247

Code size:
401 KB (410,624 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-52.ip.secureserver.net  (50.63.202.52:80)

TCP (HTTP SSL):
Connects to ec2-23-23-140-252.compute-1.amazonaws.com  (23.23.140.252:443)

Remove the wedownload manager-bg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.