Multi-License Discount Quote

Change Region

English
Threat Database Potentially Unwanted Programs PUP.Open Downloader Manager

PUP.Open Downloader Manager

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank: 1,815
Threat Level: 10 % (Normal)
Infected Computers: 72,720
First Seen: January 10, 2014
Last Seen: December 2, 2025
OS(es) Affected: Windows

Registry Details

PUP.Open Downloader Manager may create the following registry entry or registry entries:
CLSID
{01483019-D8C9-47D8-8E93-AF032EBFADA6}
{19CAD08F-0413-47F8-B1D9-5D66826E1E39}
{42130E6A-0045-4208-A252-71CA12C8FE99}
{4D6295C9-2765-49B0-A45B-4136B610954C}
{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
{56101D38-6A8B-49D6-8C9D-939595AB2D19}
{5A810830-B199-4a4c-89CB-928D960A5C04}
{83E6F60E-7147-4475-9DF6-5F1E237FE2CE}
{D8E9E2ED-846D-4711-A9B8-A29312157DB4}
{DA122254-5927-44C6-8E37-459473384004}
{DEBBD32E-1D08-4F6A-8A26-E1B3D768A1E5}
{E66B63B0-49F8-47E3-A9BA-799287B59E87}
{F01F76EC-3376-4E62-B201-8074C8239376}
File name without path
http_opendownloadmanager.com_0.localstorage
http_opendownloadmanager.com_0.localstorage-journal
odownloadmanager[1].xml
OpenDownloaderManager.lnk
OpenDownloadManager.lnk
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Classes\FDM.FdmUiWindow.1
SOFTWARE\Classes\FDMDownloadsStat.FDMDownloadsStat
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\odownloadmanager.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\opendownloadmanager.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\odownloadmanager.com
SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\opendownloadmanager.com
SOFTWARE\Classes\WG.WGUrlListReceiver
SOFTWARE\Classes\WG.WGUrlListReceiver.1
SOFTWARE\Classes\WG.WGUrlReceiver
SOFTWARE\Classes\WG.WGUrlReceiver.1
Software\Microsoft\Internet Explorer\DOMStorage\opendownloadmanager.com
SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{1C306DF7-2171-45c8-9324-D36448104BD5}
SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5}
Software\Microsoft\Internet Explorer\MenuExt\Download all with Open Download Manager
Software\Microsoft\Internet Explorer\MenuExt\Download selected with Open Download Manager
Software\Microsoft\Internet Explorer\MenuExt\Download video with Open Download Manager
Software\Microsoft\Internet Explorer\MenuExt\Download with Open Download Manager
Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager\OpenDownloaderManager.lnk
Software\Microsoft\Windows\CurrentVersion\Run\Open Download Manager
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenDownloaderManager
SOFTWARE\OpenDownloadManager
Software\OpenDownloadManager.COM
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{1C306DF7-2171-45c8-9324-D36448104BD5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5}
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OpenDownloaderManager
SOFTWARE\Wow6432Node\OpenDownloadManager
HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}
OpenDownloadManager

Directories

PUP.Open Downloader Manager may create the following directory or directories:

%APPDATA%\Microsoft\Windows\Start Menu\Programs\OpenDownloadManager
%APPDATA%\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
%APPDATA%\Open Download Manager
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\OpenDownloaderManager
%PROGRAMFILES%\ODMDownloader
%PROGRAMFILES%\OpenDownloadManager
%PROGRAMFILES%\OpenDownloaderManager
%PROGRAMFILES%\_OpenDownloaderManager_
%PROGRAMFILES(X86)%\ODMDownloader
%PROGRAMFILES(X86)%\OpenDownloadManager
%PROGRAMFILES(X86)%\OpenDownloaderManager
%PROGRAMFILES(X86)%\_OpenDownloaderManager_

Analysis Report

General information

Family Name: PUP.Open Downloader Manager
Signature status: Self Signed

Known Samples

MD5: 375dc889b1ea948121498ebfd3107837
SHA1: f5bee47df02fe59769d7218d5935e8604e69d906
SHA256: 3BFBC771520637850A1F2495FFE75DE253E2E1F3BB21B19863C16ADF65A64041
File Size: 405.28 KB, 405280 bytes
MD5: 634e03e8cb8d1a25498c36b7d6da0ed4
SHA1: aab05ffabe2a826409aeef764079408e6e622523
SHA256: ED330CAE685849EA7312A2EB8EFD2D9158D9285D8365DCA347ED305198865C2B
File Size: 686.65 KB, 686648 bytes
MD5: 82b17363dc174023ba306de57364eb5d
SHA1: 1be4a7f4402ccdf3044f28242a5f09bb9fcfba3a
SHA256: A313B12A05C564337DEADC433FEA83F23FDEFE2C3C95CFD3CB45C4C548A477E7
File Size: 619.68 KB, 619680 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Company Name VolatileSpeedup Stream
File Description
  • driverhelper64
  • Open Downloader Manager
File Version
  • 3.1.0.0
  • 1.0.0.1
Internal Name
  • ddrx.dll
  • DownloadAll_v2.exe
Legal Copyright
  • (c) VolatileSpeedup Stream 2020
  • All rights reserved.
  • Copyright 2015
Original Filename
  • ddrx.dll
  • DownloadAll_v2.exe
Product Name
  • driverhelper64
  • O D M
Product Version
  • 1.0.0.1

Digital Signatures

Signer Root Status
InstallerTech Co COMODO RSA Code Signing CA Self Signed
Antanda, LLC Go Daddy Secure Certification Authority Self Signed
Traffic Space, LLC Symantec Class 3 SHA256 Code Signing CA Self Signed

Block Information

Similar Families

  • Kryptik.FTP

Files Modified

File Attributes
c:\users\user\appdata\local\temp\nsd733f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi6702.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsi72bf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsi735f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn72df.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsn737f.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss7211.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss72ff.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst67cf.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6712.tmp\banner.dll Generic Write,Read Attributes
Show More
c:\users\user\appdata\local\temp\nsx6712.tmp\inetc.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6712.tmp\ipbhelper.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6712.tmp\quid.txt Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx6712.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx7231.tmp Generic Write,Read Attributes
c:\users\user\downloads\1.txt Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
Show More
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Network Wininet
  • HttpOpenRequest
  • HttpQueryInfo
  • HttpSendRequest
  • InternetConnect
  • InternetOpen
  • InternetQueryOption
  • InternetReadFile

Trending

Most Viewed

Loading...