pmxg.dll

PremierOpinion

Voicefive Networks, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The module pmxg.dll by Voicefive Networks has been detected as adware by 8 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.

Publisher:
Voicefive Networks, Inc.  (signed and verified)

Product:
PremierOpinion

Version:
1, 3, 323, 1

MD5:
5abb21147961602ea0b3f58457664bbf

SHA-1:
9cc0829af91ecae9a25dcc147598e0db9dc9ba2f

SHA-256:
e2d4e1f2c5999a49ef8850a318a5d2d57ae1b4fcf7e6db1e6d83da7b3741d54f

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/22/2024 4:38:05 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADSPY/AdSpy.Gen | 7.11.215.140 |
| avast! | Win32:Relevant-G [PUP] | 2014.9-150629 |
| Malwarebytes | PUP.Optional.RelevantKnowledge | v2015.06.29.05 |
| McAfee | Generic PUP.x!dz | 5600.6720 |
| Norman | Adware.A!genr | 11.20150629 |
| Reason Heuristics | PUP.VoicefiveNetworks.E | 14.8.19.10 |
| Sophos | Generic Proxy-OSS Application | 4.98 |
| VIPRE Antivirus | Gen-Adware.Heur | 38286 |

File size:
116.7 KB (119,456 bytes)

Product version:
1, 3, 323, 1

Copyright:
Copyright (C) 2001-2008

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\windows\temp\{random}.tmp\pmxg.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/3/2008 6:00:00 PM

Valid to:
3/4/2010 5:59:59 PM

Subject:
CN="Voicefive Networks, Inc.", OU=Secure Application Development, O="Voicefive Networks, Inc.", L=Chicago, S=Illinois, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
69D4A9838720D7B9A606CB8E1E25ADED

File PE Metadata
Compilation timestamp:
3/31/2009 9:55:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:FOExwi54FuLdtNdm2CUZSHEiA7Suk6Q9yGzS6iltguGwNTsUGAx2O7iGHbqCRKC8:93Z+lfqtgpwFmAx2O7iG7VRXQR

Entry address:
0xF623

Entry point:
6A, 0C, 68, 50, 2E, 01, 10, E8, 81, 02, 00, 00, 33, C0, 40, 89, 45, E4, 33, FF, 89, 7D, FC, 8B, 75, 0C, 3B, F7, 75, 0C, 39, 3D, 2C, 72, 01, 10, 0F, 84, AC, 00, 00, 00, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, 54, 72, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, E5, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, FC, 01, 00, 00, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Entropy:
5.6322

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
68 KB (69,632 bytes)
