home

kmpaddedcode_oppercd.exe

KPI Interactive

The application kmpaddedcode_oppercd.exe by KPI Interactive has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup program which is used to install the application. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from files4.downloadmanager149.com and multiple other hosts.
Publisher:
KPI Interactive  (signed and verified)

Product:
KPI Interactive

Version:
76.8.8.4916

MD5:
c5feb2ce788befddb41202bc20d234b7

SHA-1:
d1e68f1ce0edbf8d093f8bb20e9306c2846a547c

SHA-256:
75bf5613cb28aa91239fee530ea71b8b69aad896df0cf06518862b9357f14558

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/28/2024 12:20:58 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2017.0.2857

Baidu Antivirus
PUA.Win32.DownloadAdmin
4.0.3.16121

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted (variant)
10.12532

G Data
Win32.Trojan.Agent.NKNX5P
16.1.25

K7 AntiVirus
Adware
13.212.17783

Microsoft Security Essentials
SoftwareBundler:Win32/Dowadmin
1.1.12205.0

Panda Antivirus
Trj/Genetic.gen
16.01.21.01

Sophos
Generic PUA NB (PUA)
4.98

VIPRE Antivirus
Trojan.Win32.Generic
45082

Zillya! Antivirus
Adware.BrowseFox.Win32.139188
2.0.0.2497

File size:
956.2 KB (979,128 bytes)

Product version:
76.8.8.4916

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:
KPI Interactive

Authority:
VeriSign, Inc.

Valid from:
10/28/2015 7:00:00 AM

Valid to:
10/28/2016 6:59:59 AM

Subject:
CN=KPI Interactive, O=KPI Interactive, L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
29D6E10887A94FBFBC42D95068E3BDD3

File PE Metadata
Compilation timestamp:
11/5/2014 6:26:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:qeyOw1HNTsiwbQ1VaTkqbGuP9D7EDQ2pXrKj+U7TNKlngtz:YXTsisQ1BqbZ7EE2pbKT7TCngR

Entry address:
0x1EB6

Entry point:
E8, 55, B6, 00, 00, E9, 57, AF, 00, 00, 81, EC, 1C, 02, 00, 00, 53, 55, 8B, AC, 24, 28, 02, 00, 00, 56, 57, 6A, 01, 55, E8, E7, 32, 00, 00, 8B, F0, 89, 44, 24, 18, 8D, 44, 24, 1C, 50, 6A, 00, 6A, 02, 55, C7, 44, 24, 2C, 00, 00, 00, 00, E8, 3A, 35, 00, 00, 8B, 4C, 24, 2C, 6A, 00, 68, 50, 85, 4E, 00, 8B, F8, 8D, 1C, 0F, 6A, 03, 55, 89, 5C, 24, 44, E8, 1E, 35, 00, 00, 8D, 54, 24, 48, 52, 55, 89, 44, 24, 48, E8, 1F, 35, 00, 00, 83, C4, 30, 85, FF, 75, 0D, 55, E8, 72, 34, 00, 00, D9, EE, E9, 8F, 00, 00, 00, 3B...
 
[+]

Entropy:
7.9702  (probably packed)

Code size:
53.5 KB (54,784 bytes)

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 2 URLs.

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=DZ&cb=1543259101&osName=unknown&browserName=unknown&zTmp=1&executable=1196657

http://files4.downloadmanager149.com/download/.../dl?bc=1188307&pid=kmp&brand=kmplayer.com&s=noprimary&country=RU&cb=-757020&osName=unknown&browserName=unknown&zTmp=1&executable=1196657

Remove kmpaddedcode_oppercd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.