bundle_networkmanager.exe

Borussia Dortmund Demo

Develop Proekt, TOV

The application bundle_networkmanager.exe, “Borussia Dortmund gmbh” by Develop Proekt, TOV has been detected as a potentially unwanted program by 3 anti-malware scanners. It bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install. The file has been seen being downloaded from www.hrwrap.tech.
Publisher:
Borussia Dortmund  (signed by Develop Proekt, TOV)

Product:
Borussia Dortmund Demo

Description:
Borussia Dortmund gmbh

Version:
2.10.26.43

MD5:
baee50cdd70d8b211a1526bf1d41082c

SHA-1:
86c087a0f35f9cf21f84541e244f69526706d9d0

SHA-256:
bebd9e8ab751fb1fb40eafb8a4e95b2c10503f01be583cfaa0f15476dbbdcf82

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
7/10/2025 12:19:38 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Amonetize.UE potentially unwanted application
8.0.319.0

Kaspersky
not-a-virus:AdWare.Win32.Amonetize
15.0.0.562

Reason Heuristics
PUP.Amonetize.DevelopP (M)
16.5.9.15

File size:
398 KB (407,560 bytes)

Product version:
2.10.26.43

Original file name:
bor.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\bundle_networkmanager.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/17/2016 8:00:00 PM

Valid to:
4/18/2017 7:59:59 PM

Subject:
CN="Develop Proekt, TOV", OU=IT, O="Develop Proekt, TOV", STREET="vul. PREDSLAVYNSKA, 34-B", L=Kiev, S=Kiev, PostalCode=01010, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BEE04287A1E0464634495BC96248B8F7

File PE Metadata
Compilation timestamp:
5/8/2016 12:28:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:+w/wVe6llnwQHHVqnR0ZCtHyYRsdFffhppoO:N/knHnVqR03Y2dFXhXoO

Entry address:
0x39AC

Entry point:
E8, 05, 1B, 00, 00, E9, 7F, FE, FF, FF, 6A, 08, B8, 64, E7, 39, 00, E8, BD, 1C, 00, 00, FF, 75, 08, 83, 65, FC, 00, E8, F3, FD, FF, FF, 59, EB, 0D, 83, 65, EC, 00, B8, DB, 39, 39, 00, C3, 8B, 45, EC, E8, 55, 1C, 00, 00, C3, E8, 66, 0B, 00, 00, 85, C0, 75, 06, B8, C4, 51, 3A, 00, C3, 83, C0, 0C, C3, 55, 8B, EC, 56, E8, E4, FF, FF, FF, 8B, 4D, 08, 51, 89, 08, E8, 20, 00, 00, 00, 59, 8B, F0, E8, 05, 00, 00, 00, 89, 30, 5E, 5D, C3, E8, 32, 0B, 00, 00, 85, C0, 75, 06, B8, C0, 51, 3A, 00, C3, 83, C0, 08, C3, 55...
 
[+]

Entropy:
6.4090

Code size:
54.5 KB (55,808 bytes)

The file bundle_networkmanager.exe has been seen being distributed by the following URL.

Remove bundle_networkmanager.exe - Powered by Reason Core Security