COD.exe

COD

TMRG, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application COD.exe by TMRG has been detected as adware by 3 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
comScore, Inc.  (signed by TMRG, Inc.)

Product:
COD

Version:
1.0.0.0

MD5:
1148d8ebd2324aea96503c450ecb571f

SHA-1:
2221d4fb72cf455dc43ff6c5de7ddcdd17812385

SHA-256:
d48dc3b6de5850fe9e688645bbc1643c4ad42466057b4da9f5064443a253063e

Scanner detections:
3 / 68

Status:
Adware

Analysis date:
11/2/2024 1:34:37 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Relevant-AD [PUP]
2014.9-140510

Reason Heuristics
PUP.TMRG.D
14.8.7.22

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
29046

File size:
15.2 KB (15,608 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © comScore, Inc. 2011

Original file name:
COD.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\apps\2.0\r833p243.km8\nm1j7o5k.ywe\cod...tion_455f1ea75a463835_0001.0000_8871ea34afadf2ab\cod.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
10/16/2012 7:00:00 PM

Valid to:
10/5/2015 6:59:59 PM

Subject:
CN="TMRG, Inc.", O="TMRG, Inc.", L=Reston, S=Virginia, C=US, SERIALNUMBER=3910738, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
308DC75DC34A54E295C9F7B86685BE76

File PE Metadata
Compilation timestamp:
11/7/2012 4:14:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:Z9bma1EZ92ggXjaOn92ubFPk3mirILBd1Lm0qZ6YC:rmaGZ92COn92WPfIILL1y066L

Entry address:
0x3BFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.0952

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Remove COD.exe - Powered by Reason Core Security