Should I block it?

Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

Additional versions

5.0.0.12712 3.03%
5.0.0.12627 3.03%
5.0.0.9854 3.03%
5.0.0.9396 12.12%
5.0.0.8109 6.06%
5.0.0.8109 3.03%
5.0.0.8080 6.06%
5.0.0.7931 3.03%
5.0.0.7254 36.36%
5.0.0.7189 3.03%
5.0.0.7062 3.03%
5.0.0.6767 3.03%
5.0.0.6254 3.03%
5.0.0.5848 12.12%

PE file structure

Import table
advapi32.dll
IsValidSid, AddAce, CloseServiceHandle, StartServiceW, OpenServiceW, OpenSCManagerW, SetKernelObjectSecurity, RegEnumValueW, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegEnumKeyW, RegNotifyChangeKeyValue, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegOpenKeyExW, RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegDeleteKeyW, OpenThreadToken, GetLengthSid, InitializeAcl, CopySid, GetSidSubAuthority, InitializeSid, GetSidLengthRequired, GetUserNameW, CreateProcessAsUserW, SetTokenInformation, SaferCloseLevel, SaferComputeTokenFromLevel, SaferCreateLevel, OpenProcessToken, GetSidSubAuthorityCount, GetTokenInformation, ConvertSidToStringSidW, LookupAccountNameW, QueryServiceStatus, SetSecurityInfo, DeleteAce, GetAce, GetAclInformation, GetSecurityInfo, GetSecurityDescriptorSacl, DuplicateTokenEx, RevertToSelf, ImpersonateLoggedOnUser, RegOpenKeyW, ChangeServiceConfigW, ControlService, QueryServiceStatusEx
comctl32.dll
InitCommonControlsEx, _TrackMouseEvent
crypt32.dll
CertFreeCertificateContext, CertGetCertificateContextProperty, CryptVerifyMessageSignature
gdi32.dll
SetTextColor, GetTextMetricsW, CreateFontIndirectW, GetStockObject, GetObjectW, SetBkMode, CreatePatternBrush, CreateSolidBrush, BitBlt, CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, DeleteDC, DeleteObject, GetTextExtentPoint32W
imagehlp.dll
ImageEnumerateCertificates, ImageGetCertificateData
kernel32.dll
DllMain
ole32.dll
CLSIDFromString, CoUninitialize, CoInitialize, CoCreateInstance, CoTaskMemAlloc, CoTaskMemRealloc, StringFromIID, CoCreateGuid, StringFromGUID2, CoTaskMemFree, StringFromCLSID
sensapi.dll
IsNetworkAlive
shell32.dll
SHFileOperationW, ShellExecuteExW, SHGetSpecialFolderPathW
shlwapi.dll
PathRemoveExtensionW, StrStrIW, UrlEscapeW, PathAppendW, PathRemoveFileSpecW, UrlIsW, PathAddBackslashW
user32.dll
GetWindowLongW, DestroyWindow, DefWindowProcW, CallWindowProcW, LoadStringW, GetDlgItem, SetWindowTextW, EndDialog, SendMessageW, ShowWindow, GetTopWindow, CharNextW, SetWindowLongW, MsgWaitForMultipleObjects, FindWindowW, MsgWaitForMultipleObjectsEx, PeekMessageW, IsWindowUnicode, GetMessageW, GetMessageA, TranslateMessage, DispatchMessageW, DispatchMessageA, PostQuitMessage, SetPropW, MessageBoxW, CreateWindowExW, GetClassInfoExW, RegisterClassExW, DrawTextW, InvalidateRect, IsWindow, PtInRect, ReleaseDC, GetDC, GetParent, LoadCursorW, SetCursor, RedrawWindow, EndPaint, BeginPaint, SetWindowPos, GetSysColor, FillRect, GetClientRect, GetGUIThreadInfo, wsprintfW, UnregisterClassA, LoadStringA, MoveWindow, GetWindowRect, SystemParametersInfoW, SetLayeredWindowAttributes, GetActiveWindow, ChildWindowFromPoint, ScreenToClient, GetCursorPos, TrackMouseEvent, KillTimer, SetTimer, DialogBoxParamW, LoadBitmapW
userenv.dll
UnloadUserProfile, CreateEnvironmentBlock, DestroyEnvironmentBlock
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wininet.dll
InternetGetConnectedState

DatamngrUI.exe

Data Manager by Bandoo Media (Signed)

Version:   5.0.0.9396
MD5:   d17ec94d8622fbed5e7f82df23bd6f57
SHA1:   e3737dc7d0f21bf11329f3db6ac7f6d493ccce51
SHA256:   52cddb99d5335682b05601be108c4d93f8254c014c612336d9c6ac9cbbb70269
Warning: 3 antivirus scanners have detected malware.

Overview

datamngrui.exe is malware that executes as a process with the local user's privileges, typically within the context of its parent datamngrcoordinator.exe (Datamngr Coordinator by Bandoo Media). It is set to start when the PC boots and any user logs into Windows (added to the Run registry key for all users under the local machine). The file is digitally signed by Bandoo Media, with a certificate issued by the Thawte certificate authority (CA).

Details

File name: datamngrui.exe
Publisher: Bandoo Media Inc.
Product name: Data Manager
Typical file path: C:\Program Files\search results toolbar\datamngr\datamngrui.exe
File version: 5.0.0.9396
Size: 3.42 MB (3,581,440 bytes)
Build date: 9/24/2013 6:57 PM
Certificate
Issued to: Bandoo Media
Authority (CA): Thawte
Effective date: Tuesday, September 18, 2012
Expiration date: Sunday, November 2, 2014
Digital DNA
File packed: No
.NET CLR: No

Behaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'DATAMNGR' → C:\Program Files2\SEARCH~1\Datamngr\DATAMN~2.EXE

Malware detections

Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine | Engine version | Detection
Comodo Internet Security | 17326 | Application.Win32.bandoo.gc
Malwarebytes | 1.75.0.1 | PUP.Optional.Bandoo.A
Trend Micro HouseCall | 9.700.0.1001 | TROJ_GEN.F47V1010

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU
Total CPU: 0.01214233%
0.028634%
Kernel CPU: 0.00709825%
0.013761%
User CPU: 0.00504408%
0.014873%
Kernel CPU time: 2,338,108 ms/min
100,923,805 ms/min
Context switches: 2/sec
284/sec
Memory
Private memory: 3.02 MB
21.59 MB
Private (maximum): 11.36 MB
Private (minimum): 8.11 MB
Non-paged memory: 3.02 MB
21.59 MB
Virtual memory: 73.07 MB
140.96 MB
Virtual memory (peak): 76.31 MB
169.69 MB
Working set: 8.41 MB
18.61 MB
Working set (peak): 11.93 MB
37.95 MB
Resource allocations
Threads: 4
12
Handles: 125
600
GUI GDI count: 11
103
GUI GDI peak: 15
142
GUI USER count: 8
49
GUI USER peak: 12
71

Process properties

Integrity level: Medium
Platform: 32-bit
Command line: "C:\Program Files\movies toolbar\datamngr\datamngrui.exe"
Owner: User
Parent process: datamngrcoordinator.exe (Datamngr Coordinator by Bandoo Media)

Distribution by Windows OS

OS version | Distribution
Windows 7 Ultimate | 35.48%
Windows 8 Pro | 16.13%
Microsoft Windows XP | 12.90%
Windows 7 Home Premium | 6.45%
Windows 7 Professional | 6.45%
Windows 8 Single Language | 6.45%
Windows 8 | 6.45%
Windows 8.1 Single Language | 3.23%
Windows 8 Enterprise | 3.23%
Windows Seven Black Edition | 3.23%

Distribution by country

The United States accounts for about 10.34% of Data Manager installs.

Distribution by PC manufacturer

PC manufacturer | Distribution
Acer | 22.86%
Dell | 22.86%
ASUS | 17.14%
Hewlett-Packard | 11.43%
Toshiba | 11.43%
Sony | 5.71%
American Megatrends | 5.71%
GIGABYTE | 2.86%