rmo2.exe

The A MEDIA

The application rmo2.exe by The A MEDIA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is the uninstaller utility registered in the Windows Control Panel for the program Micro onoffpop secure softwear profile by Micro OnOffPop Corporation. This file is typically installed with the program Micro onoffpop secure softwear profile by Micro OnOffPop Corporation.
Publisher:
The A MEDIA  (signed and verified)

Version:
1, 0, 0, 1

MD5:
d6a72a5eba767e622715318f2cce7a07

SHA-1:
9acd2165703d06d820d010c83aae7c34da73233a

SHA-256:
96fa15e9e5153ccedf187d9584103e7a36e0615cd82ff9d609edfdd38e529021

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 4:53:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TheAMEDI (M)

Engine version:
16.4.1.1

File size:
418.8 KB (428,848 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2014

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\onoffpop\common\bin\rmo2.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/16/2014 9:00:00 AM

Valid to:
7/15/2017 8:59:59 AM

Subject:
CN=The A MEDIA, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=The A MEDIA, L=GuroGU, S=SEOUL, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6CBA74D61BD6E1976AA4FC95686CB89B

File PE Metadata
Compilation timestamp:
2/23/2016 11:09:56 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
6144:0zREITJtYe5RELicD05hGvAwI0mzGc4RyYozlHxtnQufy823DuwcsvhCarac9gh:Y2e5i6sAwIhzzYyYoz5xJQVu0hbo

Entry address:
0x1590C

Entry point:
E8, 85, 0A, 00, 00, E9, 4E, FE, FF, FF, E9, E6, AF, 00, 00, 55, 8B, EC, FF, 75, 08, E8, F0, FF, FF, FF, 59, 5D, C3, 55, 8B, EC, A1, 64, 30, 46, 00, 8B, C8, 33, 45, 08, 83, E1, 1F, D3, C8, 5D, C3, 55, 8B, EC, A1, 64, 30, 46, 00, 83, E0, 1F, 6A, 20, 59, 2B, C8, 8B, 45, 08, D3, C8, 33, 05, 64, 30, 46, 00, 5D, C3, 55, 8B, EC, 8B, 45, 08, 8B, 4D, 0C, D3, C8, 5D, C3, 55, 8B, EC, 8B, 45, 08, 56, 8B, 48, 3C, 03, C8, 0F, B7, 41, 14, 8D, 51, 18, 03, D0, 0F, B7, 41, 06, 6B, F0, 28, 03, F2, 3B, D6, 74, 19, 8B, 4D, 0C...

Entropy:
6.5848

Code size:
329 KB (336,896 bytes)

Program Uninstaller
Program name:
Micro onoffpop secure softwear profile

Display publisher:
Micro OnOffPop Corporation

Display version:
1.6.1.8

Uninstall string:
C:\users\{user}\appdata\roaming\onoffpop\common\bin\rmo2.exe


The file rmo2.exe has been discovered within the following program.

Micro onoffpop secure softwear profile  by Micro OnOffPop Corporation
About 2% of users remove it