home

kmpaddedcode_oppercd.exe

Super Download Media

The application kmpaddedcode_oppercd.exe by Super Download Media has been detected as a potentially unwanted program by 20 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Super Download Media  (signed and verified)

Product:
Super Download Media

Version:
4.8.7.3330

MD5:
9571ddda489720f28cf7aa8959f219e6

SHA-1:
0479798514e5e198e3ec30799db91c14f6b97386

SHA-256:
f9e42cc80e1d7051402a04ad3be64c4fe314f10079b74e8e5397e352be3500e2

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/28/2024 5:18:40 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DownloadAdmin.4
110

Arcabit
Trojan.Application.Bundler.DownloadAdmin.4
1.0.0.627

avast!
Win32:Malware-gen
2014.9-161016

AVG
Generic
2017.0.2588

Bitdefender
Gen:Variant.Application.Bundler.DownloadAdmin.4
1.0.20.1450

Comodo Security
Application.Win32.DownloadAdmin.P
23685

Dr.Web
Trojan.Vittalia.958
9.0.1.0290

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted (variant)
10.12648

F-Prot
W32/S-a24bc0d1
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2016-16-10_1

G Data
Gen:Variant.Application.Bundler.DownloadAdmin
16.10.25

IKARUS anti.virus
PUA.DownloadAdmin
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.18012

Microsoft Security Essentials
SoftwareBundler:Win32/Dowadmin
1.1.12300.0

MicroWorld eScan
Gen:Variant.Application.Bundler.DownloadAdmin.4
17.0.0.870

Panda Antivirus
Trj/Genetic.gen
16.10.16.01

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1077

Reason Heuristics
PUP.DownloadAdmin (M)
16.10.16.13

VIPRE Antivirus
Trojan.Win32.Generic
45526

Zillya! Antivirus
Adware.BrowseFox.Win32.155295
2.0.0.2538

File size:
883.7 KB (904,896 bytes)

Product version:
4.8.7.3330

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:
Super Download Media

Authority:
VeriSign, Inc.

Valid from:
10/28/2015 2:00:00 AM

Valid to:
10/28/2016 1:59:59 AM

Subject:
CN=Super Download Media, O=Super Download Media, L=oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
539371EF08EBEEE27231F295906A4B51

File PE Metadata
Compilation timestamp:
11/25/2014 8:52:53 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:OIfWCyIvqyFUxigjxKPx7OUinhjIGB9aiUaMU/DmuqNZw3Z6gRNa3bkF:OI93l8igjxKPx76hcGBU1VeDUu4ia34F

Entry address:
0x4428

Entry point:
E8, F3, 90, 00, 00, E9, F1, 89, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, 00, F2, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 58, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00, 00, 00...
 
[+]

Entropy:
7.9641  (probably packed)

Code size:
53.5 KB (54,784 bytes)

Remove kmpaddedcode_oppercd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.