poverify.exe

poverify

VoiceFive, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application poverify.exe by VoiceFive has been detected as adware by 20 anti-malware scanners. It is part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge, should they read the EULA) that runs in the background, collecting and monitoring information about the user's behavior in order to build an extensive profile.
Publisher:
Voicefive Networks, INC. (signed by VoiceFive, Inc.)

Product:
poverify

Version:
1.0.0.2 (Build 0.2)

MD5:
f7c2f8f288a1100f92cecc20f70872b6

SHA-1:
4b4744acc410483793786d89d1fb4d62678f0e91

SHA-256:
726b325e1b3ea2cfbb1f57ece7a60734151b07874869b6ac6ac7ae5f23507295

Scanner detections:
20 / 68

Status:
Adware

Analysis date:
11/6/2024 4:35:25 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | TrojanSpy.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.97.218 |
| avast! | Win32:Relevant-AB [PUP] | 2014.9-131126 |
| Baidu Antivirus | Adware.Win32.MarketScore | 4.0.3.131126 |
| Bkav FE | W32.Clod8da.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Win.Adware.Agent-4065 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17516 |
| Dr.Web | BackDoor.Mailbot.227 | 9.0.1.0235 |
| ESET NOD32 | Win32/Adware.MarketScore (variant) | 7.9190 |
| F-Prot | W32/Adware.AKSC | v6.4.7.1.166 |
| K7 AntiVirus | Adware | 13.174.10656 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.3766 |
| Malwarebytes | Adware.PremierOpinion | v2013.08.23.07 |
| McAfee | Artemis!F7C2F8F288A1 | 5600.7271 |
| MicroWorld eScan | ADWARE/Adware.Gen | 14.0.0.705 |
| NANO AntiVirus | Trojan.Win32.Mailbot.cjedny | 0.28.0.57029 |
| Reason Heuristics | PUP.VoiceFive.I | 14.3.1.0 |
| Trend Micro House Call | TROJ_GEN.R0CBH07IO13 | 7.2.235 |
| Vba32 AntiVirus | TrojanSpy.Agent | 3.12.24.3 |
| VIPRE Antivirus | Marketscore.RelevantKnowledge | 24866 |

File size:
341 KB (349,208 bytes)

Product version:
1.0.0.2 (Build 0.2)

Copyright:
Copyright © 2007-2011

Original file name:
poverify.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\poverify.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/27/2011 5:00:00 PM

Valid to:
9/27/2013 4:59:59 PM

Subject:
CN="VoiceFive, Inc.", O="VoiceFive, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3EDFC5EA7AAD2A20B9C31AE68DC1005C

File PE Metadata
Compilation timestamp:
11/3/2011 10:15:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:wfq5yuONwg+5mAgLCZdfhJnVmEbuO5TBq/IAXUnxc4qo/yySC:wfqUuONwg+wA3fh3haO5Ts/IAt4QY

Entry address:
0x19FE7

Entry point:
E8, 6A, B3, 00, 00, E9, 16, FE, FF, FF, 3B, 0D, 34, DF, 43, 00, 75, 02, F3, C3, E9, EA, B3, 00, 00, 83, EC, 14, 53, 8B, 5C, 24, 20, 55, 56, 8B, 73, 08, 33, 35, 34, DF, 43, 00, 57, 8B, 06, 83, F8, FE, C6, 44, 24, 13, 00, C7, 44, 24, 18, 01, 00, 00, 00, 8D, 7B, 10, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, B9, FF, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, A9, FF, FF, FF, 8B, 44, 24, 28, F6, 40, 04, 66, 0F, 85, 1F, 01, 00, 00, 8B, 6B, 0C, 83, FD, FE, 8B, 4C, 24, 30, 8D, 54, 24, 1C, 89, 44, 24...
Entropy:
7.0522

Code size:
192 KB (196,608 bytes)

The file poverify.exe has been seen being distributed by the following URL.
