packagei2.exe

VoiceFive Networks, Inc.

The component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application packagei2.exe, “PremierOpinion Installer” by VoiceFive Networks, has been detected as adware by 12 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
VoiceFive Networks, Inc.  (signed and verified)

Description:
PremierOpinion Installer

Version:
1.0.1.4 (Build 4)

MD5:
05bbf2f5359c8893ed2a70fd6560cbf1

SHA-1:
3b4c110542464444f1fad33096e150a4223f4a43

SHA-256:
3fc268f941a51eca5e83c962125e140b9c49f220b979fd9307cbb658f1e51acc

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/6/2024 4:40:31 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Patched-JI | 150717-0
AVG | Win32/Slugin.A | 2015.0.4355
Dr.Web | Adware.Relevant.101, Win32.Wplugin.2 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.RelevantKnowledge | 11.5.0.6191
ESET NOD32 | Win32/Slugin.A virus | 7.0.302.0
F-Prot | W32/Slugin.B | 4.6.5.141
Kaspersky | Virus.Win32.Slugin | 15.0.0.562
McAfee | Virus.W32/Wplugin | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.217.1157.0
Norman | Adware.RelevantKnowledge.I | 02.04.2016 17:35:19
Reason Heuristics | PUP.TMRG.VoiceFiv.Installer (M) | 16.4.13.15
VIPRE Antivirus | Threat.4314870 | 48132

File size:
477.8 KB (489,243 bytes)

Product version:
1.0.1.4 (Build 4)

Copyright:
Copyright © 2007-2013

Original file name:
POInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\packagei2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/12/2012 12:00:00 AM

Valid to:
10/8/2015 11:59:59 PM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DF0080A576090E4868BAC6B0E459122

File PE Metadata
Compilation timestamp:
12/18/2013 9:50:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:cd7bRzhcrnZFUMe6uFTg3o+qqPNghonTskyC4zkJ:wxzWrnZFUMeVq4+qq6onTiXkJ

Entry address:
0x1E02A

Entry point:
60, E8, 00, 00, 00, 00, 5B, 81, EB, D0, 48, 2E, 02, 83, EC, 74, 8B, EC, 8B, 83, AB, 4B, 2E, 02, 89, 45, 00, 8B, 83, B3, 4B, 2E, 02, 03, 45, 00, 89, 45, 2C, 8B, 83, B7, 4B, 2E, 02, 03, 45, 00, 89, 45, 30, C7, 45, 14, 00, 00, 00, 00, C7, 45, 18, 00, 00, 00, 00, C7, 45, 1C, 00, 00, 00, 00, 8B, 45, 14, FF, 45, 14, 66, 33, C9, 8A, 8C, 03, FF, 4B, 2E, 02, 84, C9, 74, 7A, 8B, 45, 1C, 66, 01, 4D, 1C, 03, C3, 05, 13, 4C, 2E, 02, 50, 8B, 45, 2C, FF, 10, 85, C0, 0F, 84, 5E, 02, 00, 00, 89, 45, 10, 8B, 45, 1C, 03, C3...
 

Entropy:
6.6212

Packer / compiler:
ASPack v1.08.04

Code size:
302 KB (309,248 bytes)

The file packagei2.exe has been seen being distributed by the following URL.
