kmpaddedcode_oppercd.exe

Groovecom

The application kmpaddedcode_oppercd.exe by Groovecom has been detected as adware by 21 anti-malware scanners. This is a setup program which is used to install the application. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from files4.downloadnet253.com and multiple other hosts.
Publisher:
Groovecom  (signed and verified)

Product:
Groovecom

Version:
80.8.8.8035

MD5:
2167760efd896d66551f1ddc2ebe0d2f

SHA-1:
40c2daeed7366576d1f64ca06f78af41319c6a78

SHA-256:
a28dc6341ae59ed911f87f02da488de641dbcca97786527b4af34a4f0c6944b9

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
4/25/2024 8:08:10 PM UTC

Scan engine | Detection | Engine version

Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 386
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | Generic | 2017.0.2864
Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.75
Bkav FE | W32.HfsAdware | 1.3.0.7383
Clam AntiVirus | Win.Trojan.Downloadadmin-248 | 0.98/21511
Comodo Security | Application.Win32.DownloadAdmin.RP | 23688
Dr.Web | Trojan.Vittalia.1198 | 9.0.1.015
ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 10.12617
Fortinet FortiGate | Riskware/DownloadAdmin | 1/15/2016
F-Secure | Gen:Variant.Application.Bundler | 11.2016-15-01_6
G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 16.1.25
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.212.17959
McAfee | Artemis!A5C08631749C | 5600.6520
MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 17.0.0.45
Panda Antivirus | Trj/Genetic.gen | 16.01.15.02
Reason Heuristics | PUP.DownloadAdmin.Groovecom.Installer (M) | 16.1.15.2
Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 23.00.65.16113
VIPRE Antivirus | Trojan.Win32.Generic | 45400
Zillya! Antivirus | Adware.BrowseFox.Win32.191000 | 2.0.0.2527

File size:
871.3 KB (892,240 bytes)

Product version:
80.8.8.8035

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/11/2015 5:18:38 PM

Valid to:
9/10/2016 3:39:55 PM

Subject:
CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A5A543D1F82F75E7

File PE Metadata
Compilation timestamp:
11/4/2014 3:12:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:TGLVJOFbaPq7JeErrminQ0QNhmZCtyUHeo0TZf4JfZbTlxj4qGRrrAQynvTdcCTZ:GEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIr

Entry address:
0x2026

Entry point:
E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00...

Code size:
52.5 KB (53,760 bytes)

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 6 URLs.

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=74653&cb=195990506

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=74653&cb=-834933698

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=74653&cb=-1028210774
