pmropn.exe

PremierOpinion

VoiceFive Networks, Inc.

The component is part of the TMRG platform, which tracks web browsing behavior, including sites and domains visited and ads clicked. The application pmropn.exe by VoiceFive Networks has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program PremierOpinion by VoiceFive, Inc., which is a potentially unwanted software program. While running, it connects to the Internet address oss-ad-iad.securestudies.com on port 80 using the HTTP protocol.
Publisher:
VoiceFive, Inc.  (signed by VoiceFive Networks, Inc.)

Product:
PremierOpinion

Version:
1.3.337.388 (Build 337.388)

MD5:
c9c1a1c5103e722aecfb117db4b0c189

SHA-1:
3cb2fa401c732ae8960aefda25884269377c0978

SHA-256:
8c1ffaef056187c76b5b39b18a53cec5309ac589c31cbd5db9fae38917afeff9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 2:38:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TMRG (M)

Engine version:
16.10.6.19

File size:
3.6 MB (3,723,200 bytes)

Product version:
1.3.337.388 (Build 337.388)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\premieropinion\pmropn.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
10/5/2015 1:00:00 AM

Valid to:
11/3/2018 11:59:59 PM

Subject:
CN="VoiceFive Networks, Inc.", O="VoiceFive Networks, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3B4D69BCB4E43BCC60770FDD4CF2C36F

File PE Metadata
Compilation timestamp:
9/23/2016 9:39:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:marvFMyn2w1+siefttL3xtT4abW+h+CZvhjMFtG0IOPo3Azbm2xt:mw1+siefttL3H7YtxjzSat

Entry address:
0x242A1B

Entry point:
E8, ED, 53, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 97, 2A, 64, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, AD, 0D, 04, 00, 8B, 45, 0C, 8B...
 

Entropy:
6.6119

Code size:
2.7 MB (2,805,760 bytes)

Windows Firewall Allowed Program
Name:
pmropn.exe


The file pmropn.exe has been discovered within the following program.

PremierOpinion  by VoiceFive, Inc.
Publisher's description - “VoiceFive, a comScore, Inc. company, is a leading global market research company that studies and reports on Internet trends and behavior.”
73% remove it
 

The executing file has been seen to make the following network communications in live environments.

