Should I block it?

60%

60% of PCs block this file from running.

Possible reason:

Performance resource utilization

Additional versions

18b74	20.00%
6d35a	20.00%
72ef4	20.00%
b85c1	20.00%
4e89a	20.00%

(Note, iMesh Inc. publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE file structure

Show functions

Import table

advapi32.dll

LookupAccountNameW, IsValidSid, ConvertSidToStringSidW, GetTokenInformation, GetLengthSid, InitializeAcl, AddAce, GetSecurityInfo, GetAclInformation, GetAce, DeleteAce, SetSecurityInfo, OpenThreadToken, OpenProcessToken, SetKernelObjectSecurity, RegEnumValueW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyW, RegNotifyChangeKeyValue, RegQueryValueExW, RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegOpenKeyExW

comctl32.dll

InitCommonControlsEx, _TrackMouseEvent

gdi32.dll

GetTextExtentPoint32W, SetTextColor, DeleteDC, CreateCompatibleBitmap, BitBlt, CreateFontIndirectW, CreateCompatibleDC, GetObjectW, SetBkMode, CreatePatternBrush, CreateSolidBrush, DeleteObject, GetTextMetricsW, SelectObject, GetStockObject

kernel32.dll

DllMain

ole32.dll

CoTaskMemAlloc, CoCreateInstance, CoTaskMemFree, CoUninitialize, CoInitialize, CLSIDFromString, StringFromGUID2, CoTaskMemRealloc

shell32.dll

SHGetSpecialFolderPathW

shlwapi.dll

SHDeleteKeyW, SHCopyKeyW, UrlIsW, PathAddBackslashW, PathRemoveFileSpecW

user32.dll

MessageBoxW, FindWindowW, MsgWaitForMultipleObjects, PostQuitMessage, SetPropW, MsgWaitForMultipleObjectsEx, PeekMessageW, IsWindowUnicode, GetMessageW, GetMessageA, TranslateMessage, DispatchMessageW, DispatchMessageA, SetCursor, CreateWindowExW, RegisterClassExW, GetSysColor, ReleaseDC, GetDC, BeginPaint, PtInRect, LoadCursorW, GetClassInfoExW, IsWindow, GetParent, RedrawWindow, InvalidateRect, SetWindowPos, DrawTextW, GetActiveWindow, GetWindowLongW, SetLayeredWindowAttributes, SystemParametersInfoW, GetClientRect, GetWindowRect, MoveWindow, FillRect, GetCursorPos, TrackMouseEvent, ChildWindowFromPoint, KillTimer, SetTimer, ScreenToClient, DialogBoxParamW, LoadBitmapW, GetTopWindow, ShowWindow, SetWindowLongW, LoadStringW, GetDlgItem, SetWindowTextW, SendMessageW, EndDialog, DefWindowProcW, DestroyWindow, CharNextW, EndPaint, UnregisterClassA, LoadStringA, CallWindowProcW

version.dll

GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW

wininet.dll

InternetCloseHandle, HttpSendRequestW, InternetSetOptionW, HttpOpenRequestW, InternetConnectW, InternetOpenW

datamngrui.exe

By iMesh Inc. (Signed)

Remove datamngrui.exe

MD5:	4e89a139ffd578a19f233aca41b28e78
SHA1:	f2af974d568ecf5540790280dba3224922827a26
SHA256:	56efd87a9c1ad7705e014b2df54f46f6eece8099db05f1d55f825bb869eea299

Overview

datamngrui.exe executes as a process with the local user's privileges. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It is installed with a couple of know programs including iMesh published by iMesh Inc. and iMesh published by iMesh Inc.. The file is digitally signed by iMesh Inc. which was issued by the Thawte certificate authority (CA). Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

Details

File name:	datamngrui.exe
Typical file path:	C:\Program Files\imesh applications\mediabar\datamngr\datamngrui.exe
Size:	1.61 MB (1,684,544 bytes)
Build date:	1/22/2013 1:34 AM
Certificate
Issued to:	iMesh Inc.
Authority (CA):	Thawte
Digital DNA
File packed:	No
.NET CLR:	No

More details

Programs

The following programs will install this file

iMesh

iMesh Inc.

24% remove

iMesh is a media and file sharing client that's available in 9 languages. It uses a proprietary, centralized, P2P network (IM2Net) operating on ports 80, 443 and 1863. iMesh operates the first "RIAA-approved" P2P service, allowing users residing in United States and Canada to download music content of choice for a monthly fee in the form of either a Premium subscription or a "ToGo" subscription. This subscription based approach is advoc...

Behaviors

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'DATAMNGR' → C:\Program Files1\IMESHA~1\Mediabar\Datamngr\DATAMN~1.EXE

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00149039%	0.028634%
Kernel CPU:	0.00048600%	0.013761%
User CPU:	0.00100439%	0.014873%
Kernel CPU time:	16 ms/min	100,923,805ms/min
Context switches:	1/sec	284/sec
Memory
Private memory:	1.05 MB	21.59 MB
Private (maximum):	3.62 MB
Private (minimum):	308 KB
Non-paged memory:	1.05 MB	21.59 MB
Virtual memory:	35.74 MB	140.96 MB
Virtual memory (peak):	40.68 MB	169.69 MB
Working set:	508 KB	18.61 MB
Working set (peak):	3.63 MB	37.95 MB
Page faults:	1,033/min	2,039/min
I/O
I/O read transfer:	0 Bytes/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O write transfer:	0 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	0 Bytes/sec	448.09 KB/min
I/O other operations:	1/sec	1,671/min
Resource allocations
Threads:	4	12
Handles:	82	600
GUI GDI count:	11	103
GUI USER count:	7	49

Process properties

Integrety level:	Undefined
Platform:	32-bit
Command line:	"C:\progra~1\imesha~1\mediabar\datamngr\datamn~1.exe"
Owner:	User
Parent process:	Explorer.EXE (Windows Explorer by Microsoft)

Distribution by Windows OS

OS version	distribution
Microsoft Windows XP	40.00%
Windows Vista Home Premium	20.00%
Windows 8 Pro with Media Center	20.00%
Windows 7 Home Premium	20.00%

Distribution by country

Australia installs about 20.00% of datamngrui.exe.

Distribution by PC manufacturer

PC Manufacturer	distribution
Dell	100.00%

Remove Adware and Spyware Programs, FREE Download!