home

bundle_networkmanager.exe

City Inc

Develop Invest GROUP, TOV

The application bundle_networkmanager.exe by Develop Invest GROUP, TOV has been detected as a potentially unwanted program by 4 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.hrwrap.tech.
Publisher:
Manchester City Inc  (signed by Develop Invest GROUP, TOV)

Product:
City Inc

Description:
Manchester

Version:
7.2.0.26

MD5:
aa0590951536d3f239a1f1193fdc1451

SHA-1:
75f76f1fbed82157e63f10e3aae888600324547e

SHA-256:
ae97a29d2a1807f15f5fbe9c3c2f0ff3433e10201e190a341915822fea3e9a8c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
7/10/2025 12:12:26 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Amonetize.IV
8.3.3.4

Dr.Web
Trojan.Amonetize.12912
9.0.1.0115

Qihoo 360 Security
QVM10.1.Malware.Gen
1.0.0.1120

Reason Heuristics
PUP.Amonetize.DevelopI (M)
16.4.24.14

File size:
377 KB (386,080 bytes)

Product version:
7.2.0.0

Original file name:
city.exe

File type:
Executable application (Win32 EXE)

Language:
English (Malaysia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bundle_networkmanager.exe

Digital Signature
Signed by:
Develop Invest GROUP, TOV

Authority:
COMODO CA Limited

Valid from:
4/16/2016 7:00:00 PM

Valid to:
4/17/2017 6:59:59 PM

Subject:
CN="Develop Invest GROUP, TOV", OU=IT, O="Develop Invest GROUP, TOV", STREET="vul. Katerynynska, 33", L=Odesa, S=Odeska, PostalCode=65000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4D63C89BF3BE8D25145431EFD3FD9B18

File PE Metadata
Compilation timestamp:
4/24/2016 9:09:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:4kZi5IzYuNzfANxJEzi1l7NZbgJtf4bCz+hwxOkZaTQx+EzlGyQE:4I5YuxfGf1VNaLf4bCZNGQMEzPQ

Entry address:
0x1A23

Entry point:
E8, ED, 23, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 94, 47, 3A, 00, FF, 15, 1C, D0, 39, 00, 85, C0, 75, 18, 56, E8, 58, 07, 00, 00, 8B, F0, FF, 15, 18, D0, 39, 00, 50, E8, 5D, 07, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, 88, D1, 39, 00, C6, 46, 08, 00, FF, 30, E8, A8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, 88, D1, 39, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2...
 
[+]

Entropy:
7.0799

Code size:
46 KB (47,104 bytes)

The file bundle_networkmanager.exe has been seen being distributed by the following URL.

http://www.hrwrap.tech/.../Bundle_NetworkManager.exe

Remove bundle_networkmanager.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.