Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

5.0.0.12712 2.08%
5.0.0.12627 2.08%
5.0.0.9854 4.17%
5.0.0.9396 20.83%
5.0.0.9092 2.08%
5.0.0.8483 2.08%
5.0.0.8109 12.50%
5.0.0.8109 2.08%
5.0.0.8080 6.25%
5.0.0.7931 2.08%
5.0.0.7254 25.00%
5.0.0.7189 2.08%
5.0.0.7062 2.08%
5.0.0.6767 2.08%
5.0.0.6254 2.08%
5.0.0.5848 10.42%

Relationships

Parent process
Child process

PE structurePE file structure
Show functions
Import table
advapi32.dll
CloseServiceHandle, GetLengthSid, IsValidSid, CopySid, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, GetUserNameW, RegSetValueExW, RegDeleteValueW, CreateProcessAsUserW, SetTokenInformation, SaferCloseLevel, SaferComputeTokenFromLevel, SaferCreateLevel, GetSidSubAuthorityCount, GetTokenInformation, ConvertSidToStringSidW, LookupAccountNameW, RegDeleteKeyW, RegQueryInfoKeyW, RegEnumKeyExW, GetSecurityInfo, GetAce, RegEnumValueW, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, ReportEventW, RegisterServiceCtrlHandlerW, SetServiceStatus, DeregisterEventSource, StartServiceCtrlDispatcherW, RegisterEventSourceW, GetSecurityDescriptorDacl, ControlService, CheckTokenMembership, BuildExplicitAccessWithNameW, FreeSid, SetEntriesInAclW, AllocateAndInitializeSid, ChangeServiceConfigW, ImpersonateLoggedOnUser, QueryServiceStatus, DuplicateTokenEx, StartServiceW, ChangeServiceConfig2W, QueryServiceObjectSecurity, AdjustTokenPrivileges, RevertToSelf, LookupPrivilegeValueW, InitializeAcl, AddAce, SetSecurityInfo, GetAclInformation, CreateServiceW, RegCreateKeyExW, OpenProcessToken, DeleteService, OpenSCManagerW, SetServiceObjectSecurity, OpenServiceW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetSecurityDescriptorSacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, QueryServiceConfigW, QueryServiceStatusEx, RegOpenKeyW
dbghelp.dll
StackWalk, SymGetModuleBase, UnDecorateSymbolName, SymGetSymFromAddr64, SymGetLineFromAddr, SymInitialize, SymCleanup, SymFunctionTableAccess, SymSetOptions
kernel32.dll
DllMain
ole32.dll
CLSIDFromProgID, CoUninitialize, CoCreateInstance, CoCreateGuid, CoTaskMemFree, StringFromIID, CoInitialize, StringFromCLSID, CLSIDFromString, CoInitializeEx, CoInitializeSecurity
psapi.dll
GetProcessMemoryInfo
rpcrt4.dll
RpcStringFreeW, UuidToStringW
sensapi.dll
IsNetworkAlive
shell32.dll
SHGetSpecialFolderPathW, SHGetFolderPathW, SHFileOperationW, ShellExecuteExW
shlwapi.dll
PathAppendW, PathFindFileNameW, PathFileExistsW, StrStrIW, UrlEscapeW, PathGetArgsW
user32.dll
GetGUIThreadInfo, wsprintfW
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
wininet.dll
InternetGetConnectedState
wtsapi32.dll
WTSQueryUserToken, WTSFreeMemory, WTSQuerySessionInformationW

DatamngrCoordinator.exe

Datamngr Coordinator by Bandoo Media (Signed)

Remove DatamngrCoordinator.exe
Version:   5.0.0.9396
MD5:   877edbc3a7adc0d3f95ace3bc2813d5a
SHA1:   00f3b4e29025a89104ebd8cd4defaa956602ed96
SHA256:   8d564e199253bf7a435df73c9950928fc2e64b21ffcfc76bf59e6fc06885cdad
Warning 6 antivirus scanners has detected malware.

Overview

datamngrcoordinator.exe is malware that runs as a service under the name Datamngr Coordinator2 (DatamngrCoordinator2) within the local user context. The file is digitally signed by Bandoo Media which was issued by the Thawte certificate authority (CA).

DetailsDetails

File name:datamngrcoordinator.exe
Publisher:Bandoo Media Inc.
Product name:Datamngr Coordinator
Typical file path:C:\Program Files\search results toolbar\datamngr\datamngrcoordinator.exe
File version:5.0.0.9396
Size:3.26 MB (3,419,136 bytes)
Build date:9/24/2013 6:58 PM
Certificate
Issued to:Bandoo Media
Authority (CA):Thawte
Effective date:Tuesday, September 18, 2012
Expiration date:Sunday, November 2, 2014
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'DatamngrCoordinator2' (Datamngr Coordinator2)
  • DatamngrCoordinator
  • 'DatamngrCoordinator' (Datamngr Coordinator)

MalwareMalware detections

Based on 40+ industry antivirus scanners, 6 of them detected the following malware.
Antivirus engineEngine versionDetection
Comodo Internet Security 17331 Application.Win32.Bandoo.ga
ESET NOD32 7.9089 a variant of Win32/Toolbar.SearchSuite.D
Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
Malwarebytes 1.75.0.1 PUP.Optional.Bandoo.A
Sophos 4.95.0 Generic PUA AA
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.F47V0924

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.01670627%
0.028634%
Kernel CPU:0.00795182%
0.013761%
User CPU:0.00875445%
0.014873%
Kernel CPU time:24,474,349 ms/min
100,923,805ms/min
Context switches:1/sec
284/sec
Memory
Private memory:3.85 MB
21.59 MB
Private (maximum):11.27 MB
Private (minimum):8.77 MB
Non-paged memory:3.85 MB
21.59 MB
Virtual memory:172.44 MB
140.96 MB
Virtual memory (peak):204.81 MB
169.69 MB
Working set:9.21 MB
18.61 MB
Working set (peak):12.01 MB
37.95 MB
Resource allocations
Threads:11
12
Handles:169
600
GUI GDI count:8
103
GUI USER count:2
49

BehaviorsProcess properties

Integrety level:System
Platform:32-bit
Command lines:
  • "C:\Program Files\movies toolbar\datamngr\datamngrcoordinator.exe"
  • "C:\Program Files\movies toolbar\datamngr\datamngrcoordinator.exe" -monitor 424
  • "C:\Program Files\movies toolbar\datamngr\datamngrcoordinator.exe" -monitor 364
  • "C:\Program Files\movies toolbar\datamngr\datamngrcoordinator.exe" -monitor 444
  • "C:\Program Files\movies toolbar\datamngr\datamngrcoordinator.exe" -monitor 924
Owner:User
Windows Service
Service name:DatamngrCoordinator2
Display name:Datamngr Coordinator2
Description:“Coordinates Datamngr modules functionality”
Type:Win32OwnProcess, InteractiveProcess
Parent processes:

ResourcesThreads

Averages
 
DatamngrCoordinator.exe (main module)
Total CPU:0.09322142%
0.272967%
Kernel CPU:0.07390941%
0.107585%
User CPU:0.01931201%
0.165382%
CPU cycles:2,059,590/sec
5,741,424/sec
Context switches:1/sec
79/sec
Memory:3.29 MB
1.16 MB
ntdll.dll
Total CPU:0.00491945%
Kernel CPU:0.00386528%
User CPU:0.00105417%
CPU cycles:175,818/sec
Memory:1.67 MB

Common loaded modules

These are modules that are typiclaly loaded within the context of this process.

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 34.78%
Windows 8 Pro 15.22%
Windows 7 Home Premium 13.04%
Microsoft Windows XP 10.87%
Windows 8 Enterprise 6.52%
Windows Seven Black Edition 4.35%
Windows 7 Professional 4.35%
Windows 8 Single Language 4.35%
Windows 8 4.35%
Windows 8.1 Single Language 2.17%

Distribution by countryDistribution by country

United States installs about 13.64% of Datamngr Coordinator.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 24.00%
Acer 22.00%
ASUS 20.00%
Hewlett-Packard 10.00%
Toshiba 8.00%
GIGABYTE 6.00%
Sony 4.00%
American Megatrends 4.00%
Alienware 2.00%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE