× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 1ee9b1a0d29ebd6fd12e64f3ffe2d56ef1d239171c904ded5d2235357254d4b7
File name: RegNow Download Manager
Detection ratio: 0 / 56
Analysis date: 2015-05-13 10:27:08 UTC ( 3 years, 9 months ago )
Antivirus Result Update
Ad-Aware 20150513
AegisLab 20150513
Yandex 20150513
AhnLab-V3 20150513
Alibaba 20150513
ALYac 20150513
Antiy-AVL 20150513
Avast 20150513
AVG 20150513
Avira (no cloud) 20150513
AVware 20150513
Baidu-International 20150513
BitDefender 20150513
Bkav 20150513
ByteHero 20150513
CAT-QuickHeal 20150513
ClamAV 20150513
CMC 20150513
Comodo 20150513
Cyren 20150513
DrWeb 20150513
Emsisoft 20150513
ESET-NOD32 20150513
F-Prot 20150513
F-Secure 20150513
Fortinet 20150513
GData 20150513
Ikarus 20150513
K7AntiVirus 20150513
K7GW 20150513
Kaspersky 20150513
Kingsoft 20150513
Malwarebytes 20150513
McAfee 20150513
McAfee-GW-Edition 20150513
Microsoft 20150513
eScan 20150513
NANO-Antivirus 20150513
Norman 20150513
nProtect 20150513
Panda 20150513
Qihoo-360 20150513
Rising 20150513
Sophos AV 20150513
SUPERAntiSpyware 20150512
Symantec 20150513
Tencent 20150513
TheHacker 20150511
TotalDefense 20150513
TrendMicro 20150513
TrendMicro-HouseCall 20150513
VBA32 20150513
VIPRE 20150513
ViRobot 20150513
Zillya 20150513
Zoner 20150513
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
© RegNow.com

Publisher Digital River
Product RegNow Download Manager
Original name DldManager.exe
Internal name RegNow Download Manager
File version 1.0.0
Description RegNow Download Manager
Signature verification Signed file, verified signature
Signing date 1:39 PM 8/22/2012
Signers
[+] Digital River
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 11/10/2009
Valid to 12:59 AM 11/10/2012
Valid usage Code Signing
Algorithm SHA1
Thumbprint F6CAEF68847B9A298D3B0426D79B19F3DB53F03B
Serial number 0D C5 FA 3D 4C A8 C6 46 A9 39 4C FE 5D F9 94 32
[+] VeriSign Class 3 Code Signing 2009-2 CA
Status Valid
Issuer None
Valid from 1:00 AM 5/21/2009
Valid to 12:59 AM 5/21/2019
Valid usage Client Auth, Code Signing
Algorithm SHA1
Thumbprint 12D4872BC3EF019E7E0B6F132480AE29DB5B1CA3
Serial number 65 52 26 E1 B2 2E 18 E1 59 0F 29 85 AC 22 E7 5C
[+] VeriSign Class 3 Public Primary CA
Status Valid
Issuer None
Valid from 1:00 AM 1/29/1996
Valid to 12:59 AM 8/2/2028
Valid usage Email Protection, Client Auth, Code Signing, Server Auth
Algorithm MD2
Thumbprint 742C3192E607E424EB4549542BE1BBC53E6174E2
Serial number 70 BA E4 1D 10 D9 29 34 B6 38 CA 7B 03 CC BA BF
Counter signers
[+] Symantec Time Stamping Services Signer - G3
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 5/1/2012
Valid to 12:59 AM 1/1/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Serial number 79 A2 A5 85 F9 D1 15 42 13 D9 B8 3E F6 B6 8D ED
[+] VeriSign Time Stamping Services CA
Status Certificate out of its validity period
Issuer None
Valid from 1:00 AM 12/4/2003
Valid to 12:59 AM 12/4/2013
Valid usage Timestamp Signing
Algorithm SHA1
Thumbrint F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Serial number 47 BF 19 95 DF 8D 52 46 43 F7 DB 6D 48 0D 31 A4
[+] Thawte Timestamping CA
Status Valid
Issuer None
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm MD5
Thumbrint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
F-PROT UPX_LZMA
PEiD UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-09-14 15:54:33
Entry Point 0x001049B0
Number of sections 3
PE sections
Overlays
MD5 ae39116f49f12b2812ded7bbe154e9c9
File type data
Offset 356864
Size 10400
Entropy 5.43
PE imports
RegEnumKeyA
InitCommonControlsEx
Escape
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
VariantCopy
SHGetMalloc
PathIsUNCA
FreeContextBuffer
OpenPrinterA
GetFileTitleA
CoTaskMemFree
Number of PE resources by type
RT_STRING 65
RT_DIALOG 35
RT_CURSOR 17
RT_GROUP_CURSOR 16
RT_ICON 8
RT_BITMAP 6
RT_HTML 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 152
PE resources
ExifTool file metadata
UninitializedDataSize
733184

LinkerVersion
8.0

ImageVersion
0.0

FileVersionNumber
1.0.7.1

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

InitializedDataSize
24576

FileOS
Win32

EntryPoint
0x1049b0

MIMEType
application/octet-stream

FileVersion
1.0.0

TimeStamp
2009:09:14 16:54:33+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
RegNow Download Manager

ProductVersion
1.0.0

SubsystemVersion
4.0

OSVersion
4.0

OriginalFilename
DldManager.exe

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
RegNow.com

CodeSize
335872

FileSubtype
0

ProductVersionNumber
1.0.7.1

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 909a2552c8eae953dd291ef49036e4e2
SHA1 a9d92068d540e1cd54a79b68e46453281ef65dc3
SHA256 1ee9b1a0d29ebd6fd12e64f3ffe2d56ef1d239171c904ded5d2235357254d4b7
ssdeep
6144:Dl8KWs/bWq+nR6xtEstSlckJ4OUSccLU4968TI+RjoSIA:Dl837cCHJrccvZPRjoSIA

authentihash 972df10deab6c91f30a7374c5299b87ec98efd2d6c760dcf7e3058258823ae0f
imphash 7fbc84ae33c5cb1e7584b1e84d28f778
File size 358.7 KB ( 367264 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe signed upx overlay

VirusTotal metadata
First submission 2015-04-17 17:27:35 UTC ( 3 years, 10 months ago )
Last submission 2015-04-17 18:17:10 UTC ( 3 years, 10 months ago )
File names DldManager.exe
1345639175-Download_Monopoly-Shareware.exe
RegNow Download Manager
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Moved files
Deleted files
Created mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
The file installs an application-defined hook procedure into a hook chain. You would install a hook procedure to monitor the system for certain types of events. These events are associated either with a specific thread or with all threads in the same desktop as the calling thread. This is done making use of the SetWindowsHook Windows API function.
UDP communications