pmropn64.exe

PremierOpinion

VoiceFive Networks, Inc.

The component is part of the TMRG platform which will track various behaviors of web browsing habits including tracking sites and domains visited as well as ads clicked. The application pmropn64.exe by VoiceFive Networks has been detected as adware by 33 anti-malware scanners. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
VoiceFive Networks, Inc.  (signed and verified)

Product:
PremierOpinion

Version:
1.0.0.8 (Build 0.8)

MD5:
f1bfc94067be90b7f1027e02c754dbb6

SHA-1:
a3a195478fe57620d779a9fa3e463caab4374f85

SHA-256:
ff21cb8cb547226645f40897db5570e70f2788623bb47352ec9b01765996ba21

Scanner detections:
33 / 68

Status:
Adware

Analysis date:
12/23/2024 3:45:46 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.RelevantKnowledge.E
377

Avira AntiVirus
Adware/Relevant.BC
7.11.154.162

avast!
Win32:Relevant-AC [PUP]
2014.9-160124

AVG
RelevantKnowledge
2017.0.2855

Baidu Antivirus
Adware.Win64.RKToolbar
4.0.3.16124

Bitdefender
Application.RelevantKnowledge.E
1.0.20.120

Bkav FE
W32.OnGameEALBS.Trojan
1.3.0.4959

Clam AntiVirus
PUA.RelevantKnowledge
0.98/18155

Comodo Security
ApplicUnwnt.Win32.AdWare.RK.~S
9412

Dr.Web
Program.RelKnow.9
9.0.1.024

Emsisoft Anti-Malware
Adware.Win32.AMN!A2
8.16.01.24.08

ESET NOD32
Win64/Adware.RK
10.10067

F-Prot
W64/MalwareF.BIDJ
v6.4.6.2.117

F-Secure
Application.RelevantKnowledge.E
11.2016-24-01_1

G Data
Application.RelevantKnowledge
16.1.24

IKARUS anti.virus
not-a-virus:WebToolbar.Win64
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.108.4911

Kaspersky
not-a-virus:Monitor.Win64.RK
14.0.0.768

Malwarebytes
PUP.Optional.RelevantKnowledge
v2016.01.24.08

McAfee
Generic.tra!g
5600.6511

MicroWorld eScan
Application.RelevantKnowledge.E
17.0.0.72

NANO AntiVirus
Riskware.Win64.RelKnow.bdouyb
0.28.0.60253

nProtect
Trojan-Clicker/W32.RK.210560
11.07.16.01

Prevx
Low Risk Adware
3.0

Reason Heuristics
PUP.TMRG.VoiceFiveNetworks (M)
16.1.24.8

Rising Antivirus
PE:Trojan.Win32.Generic.12AAC108!313180424
23.00.65.16122

Sophos
Generic Proxy-OSS Application
4.67

SUPERAntiSpyware
Spyware.RelevantKnowledge
9366

Trend Micro House Call
TROJ_GEN.R06H1GC
7.2.24

Vba32 AntiVirus
AdWare.Win32.RK.aw
3.12.16.4

VIPRE Antivirus
Adware.Win32.RelevantKnowledge.a
30250

ViRobot
Adware.RK.210560.A
2011.7.16.4573

Zillya! Antivirus
Adware.RK.Win64.2
2.0.0.1827

File size:
206.3 KB (211,272 bytes)

Product version:
1.0.0.8 (Build 0.8)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\{random}.tmp\pmropn64.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/9/2009 8:00:00 PM

Valid to:
10/5/2012 7:59:59 PM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=VA, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7FE867AFCDCA794F00B81D64E13D7A0B

File PE Metadata
Compilation timestamp:
3/17/2010 2:47:40 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
3072:9cj+Gkx/35L9o2Qo1ncP+e7yideswtvWFdsrMk++YkU+IQeKmrNxIX:9fQo1nYIioswtvWjQMFkTmrrIX

Entry address:
0xDD1C

Entry point:
48, 83, EC, 28, E8, E3, 6A, 00, 00, 48, 83, C4, 28, E9, 56, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 8B, C1, 49, 83, F8, 08, 72, 53, 0F, B6, D2, 49, B9, 01, 01, 01, 01, 01, 01, 01, 01, 49, 0F, AF, D1, 49, 83, F8, 40, 72, 1E, 48, F7, D9, 83, E1, 07, 74, 06, 4C, 2B, C1, 48, 89, 10, 48, 03, C8, 4D, 8B, C8, 49, 83, E0, 3F, 49, C1, E9, 06, 75, 39, 4D, 8B, C8, 49, 83, E0, 07, 49, C1, E9, 03, 74, 11, 66, 66, 66, 90, 90, 48, 89, 11, 48, 83, C1, 08, 49, FF, C9, 75, F4...
 
[+]

Entropy:
6.1752

Code size:
134.5 KB (137,728 bytes)

Remove pmropn64.exe - Powered by Reason Core Security