kmpaddedcode_oppercd.exe

Download Verified

The application kmpaddedcode_oppercd.exe by Download Verified has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from 113.171.224.212 and multiple other hosts.
Publisher:
Download Verified  (signed and verified)

MD5:
ac5087d9a5fe10a840e683e8c9b29f78

SHA-1:
e1a64f1143166744eee75c79ec7fc32085700dc0

SHA-256:
e9f58d649e30ede20b3e50d3c4d44172c15e6ce6e237e44bcff76c9d82df80a3

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Analysis date:
12/26/2024 12:33:55 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.DownloadAdmin
2015.06.04

Dr.Web
Trojan.Vittalia.69
9.0.1.05190

Malwarebytes
PUP.Optional.Bundle
v2015.06.04.03

McAfee
Artemis!AC5087D9A5FE
5600.6744

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.3.9

Trend Micro House Call
Suspicious_GEN.F47V0604
7.2.155

VIPRE Antivirus
DownloadAdmin
40824

File size:
655.9 KB (671,640 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/5/2015 6:00:00 AM

Valid to:
2/6/2016 5:59:59 AM

Subject:
CN=Download Verified, O=Download Verified, L=san francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
374F6915B9875363C2CF0BCF19A679AF

File PE Metadata
Compilation timestamp:
5/12/2015 12:14:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:Tzv9q8UQvW2Zl4VSzD6TGAflJGr7+RPYnG5E31ldOdLk2NRE9G/fzCmohHCSdYT:nvEXQeHgXqgnG5OdMLkcem6da

Entry address:
0x1BB4

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, E0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, E8, DC, 51, 00, 00, 53, E8, 50, FD, FF, FF, 59, FF, 15, 50, 77, 40, 00, 68, 01, 80, 00, 00, FF, 15, 70, 70, 40, 00, 53, FF, 15, 4C, 77, 40, 00, 6A, 08, A3, 98, 2C, 42, 00, E8, B9, 09, 00, 00, 53, 68, 60, 01, 00, 00, A3, 00, 3D, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 73, 74, 40, 00, FF, 15, 9C, 71, 40, 00, 68, 68, 74, 40, 00, 68, 00, 35, 42, 00, E8, AB, 08, 00, 00, FF, 15, 6C, 70, 40, 00...
 
[+]

Entropy:
7.9743

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.212/.../setup.exe

Remove kmpaddedcode_oppercd.exe - Powered by Reason Core Security