packagei2.exe

VoiceFive Networks, Inc.

The component is part of the TMRG platform, which tracks web browsing behavior, including sites and domains visited and ads clicked. The application packagei2.exe, “PremierOpinion Installer” by VoiceFive Networks, has been detected as adware by 15 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
VoiceFive Networks, Inc.  (signed and verified)

Description:
PremierOpinion Installer

Version:
1.0.1.4 (Build 4)

MD5:
d0cbba072f17fab672345bf7c7abd0fa

SHA-1:
66b2ff9f52aede2b7ae28d08bd13ab932387bf99

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
11/24/2024 4:07:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Adware/Win32.Toolbar | 14.05.03 |
| avast! | Win32:Relevant-X [PUP] | 2014.9-140503 |
| AVG | RelevantKnowledge | 2015.0.3486 |
| Comodo Security | ApplicUnwnt | 18135 |
| Dr.Web | Adware.Relevant.101 | 9.0.1.0160 |
| Emsisoft Anti-Malware | Application.Generic.964608 | 8.15.06.09.03 |
| ESET NOD32 | Win32/Adware.RK.AG (variant) | 8.9701 |
| F-Secure | Riskware.Application.Generic.964608 | 11.2015-09-06_3 |
| K7 AntiVirus | Unwanted-Program | 13.176.11806 |
| Kaspersky | not-a-virus:WebToolbar.Win32.RK | 14.0.0.3925 |
| Malwarebytes | Adware.PremierOpinion | v2014.05.03.12 |
| Norman | Application.Generic.964608 | 11.20150609 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.6.8.23 |
| Sophos | Generic PUA GG | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0225 | 7.2.123 |

File size:
385.3 KB (394,552 bytes)

Product version:
1.0.1.4 (Build 4)

Copyright:
Copyright © 2007-2013

Original file name:
POInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\packagei2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/12/2012 7:00:00 AM

Valid to:
10/9/2015 6:59:59 AM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DF0080A576090E4868BAC6B0E459122

File PE Metadata
Compilation timestamp:
12/18/2013 9:50:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:cd7bRzhcrnZFUMR6uFTg3o+qqPNghonTskyN:wxzWrnZFUMRVq4+qq6onTiN

Entry address:
0x1E02A

Entry point:
E8, E2, D0, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 64, E1, 44, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 4C, D2, 44, 00, C9, C2, 08, 00, C3, B8, BC, BC, 42, 00, A3, 00, DF, 45, 00, C7, 05, 04, DF, 45, 00, 46, B3, 42, 00, C7, 05, 08, DF, 45, 00, FA, B2, 42, 00, C7, 05, 0C, DF, 45, 00, 33, B3, 42, 00, C7...
 

Code size:
302 KB (309,248 bytes)

The file packagei2.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to post.securestudies.com  (165.193.78.234:443)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)
