» tinydm.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)
Network (2)

tinydm.exe

Tiny download manager

M417 LTD.

The application tinydm.exe by M417 has been detected as adware by 2 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Tiny download manager’. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.tinydm.com. While running, it connects to the Internet address www31.speedyshare.com on port 80 using the HTTP protocol.

File name:

tinydm.exe

Publisher:

http://www.tinydm.com/ (signed by M417 LTD.)

Product:

Tiny download manager

Version:

2.3.0.0

MD5:

ee3802fb8e597d3436c3054599b617bd

SHA-1:

fb83d4dcc038db70201abc94ef5b47617ff2e422

SHA-256:

f61a2f722080307b065de6bab956cd2a0611c8acddc1889c764738f311a8d417

Scanner detections:

2 / 68

Status:

Adware

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

5/2/2024 2:08:22 PM UTC (today)

Scan engine

Detection

Engine version

Panda Antivirus

Trj/InstallMonetizer.A

14.08.16.01

Reason Heuristics

PUP.M417.G

14.8.16.13

File size:

283 KB (289,752 bytes)

Product version:

2.3

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\dm\tinydm.exe

Digital Signature

Signed by:

M417 LTD.

Authority:

StartCom Ltd.

Valid from:

8/12/2013 9:14:35 AM

Valid to:

8/12/2015 6:35:02 PM

Subject:

E=INFO@M417LTD.NET, CN=M417 LTD., O=M417 LTD., L=London, S=Greater London, C=GB, Description=Q1G5XvtHln8BTB3V

Issuer:

CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:

0AB5

File PE Metadata

Compilation timestamp:

8/15/2014 8:40:00 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:A6p1l8m71gYn2/yBomUpH2sasPZ2qsttGSwCm/oVdl+H4lEEoSLdMK:A0WMj0yE52qsfGSyQVWYlEEoSLdn

Entry address:

0xBF0F0

Entry point:

60, BE, 00, 00, 48, 00, 8D, BE, 00, 10, F8, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, A7, DA, 0B, 00, 57, 83, C3, 04, 53, 68, E1, F0, 03, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Code size:

256 KB (262,144 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Tiny download manager

Command:

"C:\users\{user}\appdata\local\dm\tinydm.exe" \m

The file tinydm.exe has been seen being distributed by the following URL.

http://www.tinydm.com/TinyDM.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www32.speedyshare.com (207.244.73.52:80)

TCP (HTTP):

Connects to www31.speedyshare.com (207.244.73.42:80)

Remove tinydm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.