» downloadmanager.exe
Overview
Analysis
File Details
Network (2)

downloadmanager.exe

setup

OutBrowse

This is the OutBrowse Revenyou installer which bundles offers for additional third party applications that may be unwanted and installed without consent. The application downloadmanager.exe by OutBrowse has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the OutBrowse Revenyou installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs.

File name:

downloadmanager.exe

Publisher:

@ (signed by OutBrowse)

Product:

setup

Description:

setup file

Version:

1.0.0.1

MD5:

04d97d753f8fe2737a9e04b3dfd874f7

SHA-1:

d8d8d858f68a7ad99ee47394f934463aa0e6025f

SHA-256:

d26ee67b6ca203c265e2a52b26f868eeaee441243e08fadb3c9f84059a0fac3f

Scanner detections:

40 / 68

Status:

Adware

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

6/17/2024 7:27:56 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Parite.B

911

Agnitum Outpost

PUA.OutBrowse

7.1.1

AhnLab V3 Security

Win32/Parite

14.08.07

Avira AntiVirus

W32/Parite

7.11.138.242

avast!

Win32:Parite

2014.9-140807

AVG

MalSign.OutBrowse

2014.0.3623

Baidu Antivirus

Virus.Win32.Parite.$b

4.0.3.1487

Bitdefender

Win32.Parite.B

1.0.20.1095

Bkav FE

W32.Clod208.Trojan

1.3.0.4613

Clam AntiVirus

Heuristics.W32.Parite.B

0.98/18355

Comodo Security

Virus.Win32.Parite.gen

17995

Dr.Web

Adware.Downware.1770

9.0.1.045

Emsisoft Anti-Malware

Win32.Parite

8.14.08.07.08

ESET NOD32

Win32/OutBrowse (variant)

7.9162

Fortinet FortiGate

Riskware/NSIS_OutBrowse

12/17/2013

F-Prot

W32/Parite.B

v6.4.7.1.166

F-Secure

Win32.Parite.B

11.2014-07-08_5

G Data

Win32.Parite

14.8.24

IKARUS anti.virus

not-a-virus:Downloader.NSIS

t3scan.2.2.29

K7 AntiVirus

Unwanted-Program

13.175.10814

Kaspersky

not-a-virus:Downloader.NSIS.OutBrowse

14.0.0.4608

Malwarebytes

PUP.Optional.OutBrowse

v2013.12.17.09

McAfee

Artemis!04D97D753F8F

5600.7279

Microsoft Security Essentials

Virus:Win32/Parite.B

1.10401

MicroWorld eScan

Win32.Parite.B

15.0.0.657

NANO AntiVirus

Virus.Win32.Parite.bgvo

0.28.0.58720

Norman

Pinfi.A

11.20140807

nProtect

Virus/W32.Parite.C

14.03.26.01

Panda Antivirus

W32/Parite.B

14.08.07.08

Qihoo 360 Security

Win32/Virus.Downloader.ad6

1.0.0.1015

Quick Heal

W32.Perite.A

8.14.12.00

Reason Heuristics

PUP.Installer.OutBrowse.P

14.8.7.20

Rising Antivirus

PE:Win32.Parite.b!16043

23.00.65.14805

Sophos

Generic PUA NI

4.95

Total Defense

Win32/Pinfi.A

37.0.10840

Trend Micro House Call

TROJ_GEN.F47V1211

7.2.351

Trend Micro

PE_PARITE.A

10.465.07

Vba32 AntiVirus

Downloader.OutBrowse

3.12.24.3

VIPRE Antivirus

OutBrowse

25324

ViRobot

Win32.Parite.A

2011.4.7.4223

File size:

1.3 MB (1,338,136 bytes)

Product version:

1.0.0.1

Original file name:

setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

OutBrowse Revenyou

Language:

English (United States)

Common path:

C:\windows\temp\downloadmanager.exe

Digital Signature

Signed by:

OutBrowse

Authority:

VeriSign, Inc.

Valid from:

10/24/2013 2:00:00 AM

Valid to:

10/25/2014 1:59:59 AM

Subject:

CN=OutBrowse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=OutBrowse, L=Ramat Gan, S=Ramat Gan, C=IL

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

56A6FE571611B68C9224798AD62913CA

File PE Metadata

Compilation timestamp:

12/1/2013 12:40:33 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:g6/Ux7a1TTyH9uRkyhjWNTOJcMw7pd/i6Hfdq3QSVRjgNdUzaW6uou:o7a4H9uGy70nLfQ3QS3jgTUWBju

Entry address:

0xE8A7F

Entry point:

E8, FE, AC, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, CC, 90, 52, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 2A, 9C, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 1A, 9C, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49... 
[+]

Code size:

1 MB (1,063,424 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to 224-124-232-198.static.unitasglobal.net (198.232.124.224:80)

TCP (HTTP):

Connects to fa-in-f156.1e100.net (173.194.70.156:80)

Remove downloadmanager.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.