vopackage.exe

The application vopackage.exe has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This file is typically installed with the program Installer by ClickMeIn Limited, which is a potentially unwanted software program. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts. While running, it connects to the Internet address bi1.clickmein.com on port 80 using the HTTP protocol.
Description:
install

Version:
1.0.0.0

MD5:
7dd4b79acbcbb71fffe52b0d0ece4114

SHA-1:
88816aa2c09f734f46b1b5814f1f98569039521a

SHA-256:
fdb794a4bd1f474553587c4f2fe46ee7436f1cf3dc1b8244a26cf199b9423306

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/24/2024 12:13:50 AM UTC

Scan engine          Detection                        Engine version
Baidu Antivirus      Adware.Win32.VOPackage           4.0.3.14624
ESET NOD32           Win32/VOPackage                  8.9991
Reason Heuristics    Adware.CMI.J                     14.7.25.12
Rising Antivirus     NS:PUF.SilenceInstaller!1.9DDF   23.00.65.14622

File size:
281.5 KB (288,232 bytes)

Product version:
1.0.0.0

Copyright:
(C) 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\roaming\vopackage\vopackage.exe

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ke34jdTnq+tw8Gk9d75+ZPPfnE2Qyn2FEtt2NB6+sWgtgTEtt2NB6+s/PM:EdTnq+uWTF+ZPPfnEUnsEWfXsPmEWfXP

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vopackage.exe has been discovered within the following program.

Installer by ClickMeIn Limited
This is an adware bundler called VOPackage, which includes and installs various adware offers. It uses a standard installer such as Nullsoft and downloads the offers remotely.
www.clickmein.com
87% remove it
 

The file vopackage.exe has been seen being distributed by the following 5 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to bi1.clickmein.com (162.243.198.187:80)
