kmpaddedcode_oppercd.exe

Groovecom

The application kmpaddedcode_oppercd.exe by Groovecom has been detected as adware by 21 anti-malware scanners. This is a setup program which is used to install the application. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from files4.downloadnet253.com and multiple other hosts.
Publisher:
Groovecom  (signed and verified)

Product:
Groovecom

Version:
80.8.8.8035

MD5:
9121e4db6769c26004c89b7ff873c030

SHA-1:
dd990e14f215e44217b0beb5fd16af5d08067140

SHA-256:
1da8b8a69f1f3e942dcc627544b22b24c11ec4ba81632e406f786732134a0ac3

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/26/2024 1:10:38 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DownloadAdmin.4
392

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
Generic
2017.0.2870

Bitdefender
Gen:Variant.Application.Bundler.DownloadAdmin.4
1.0.20.40

Bkav FE
W32.HfsAdware
1.3.0.7383

Clam AntiVirus
Win.Trojan.Downloadadmin-248
0.98/21511

Comodo Security
Application.Win32.DownloadAdmin.RP
23688

Dr.Web
Trojan.Vittalia.1198
9.0.1.08

ESET NOD32
Win32/DownloadAdmin.P potentially unwanted (variant)
10.12617

Fortinet FortiGate
Riskware/DownloadAdmin
1/8/2016

F-Secure
Gen:Variant.Application.Bundler
11.2016-08-01_6

G Data
Gen:Variant.Application.Bundler.DownloadAdmin
16.1.25

IKARUS anti.virus
PUA.DownloadAdmin
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.17959

McAfee
Artemis!A5C08631749C
5600.6526

MicroWorld eScan
Gen:Variant.Application.Bundler.DownloadAdmin.4
17.0.0.24

Panda Antivirus
Trj/Genetic.gen
16.01.08.09

Reason Heuristics
PUP.DownloadAdmin.Groovecom.Installer (M)
16.1.8.21

Rising Antivirus
PE:Adware.DownloadAdmin!1.A243 [F]
23.00.65.16106

VIPRE Antivirus
Trojan.Win32.Generic
45400

Zillya! Antivirus
Adware.BrowseFox.Win32.191000
2.0.0.2527

File size:
871.3 KB (892,240 bytes)

Product version:
80.8.8.8035

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/12/2015 2:18:38 AM

Valid to:
9/11/2016 1:39:55 AM

Subject:
CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A5A543D1F82F75E7

File PE Metadata
Compilation timestamp:
11/4/2014 12:12:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:0GLVJOFbaPq7JeErrminQ0QNhmZCtyUHeo0TZf4JfZbTlxj4qGRrrAQynvTdcCTZ:JEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIr

Entry address:
0x2026

Entry point:
E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00...
 
[+]

Entropy:
7.9690  (probably packed)

Code size:
52.5 KB (53,760 bytes)

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 50 URLs.

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=77443&cb=-1132646494

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=77443&cb=124448229

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=77443&cb=477176259

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=77443&cb=1672959634

Latest 30 of 61 download URLs

Remove kmpaddedcode_oppercd.exe - Powered by Reason Core Security