omesuperv.exe

Bebo Media Ltd.

The application omesuperv.exe by Bebo Media has been detected as a potentially unwanted program by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Bebo Media Ltd.  (signed and verified)

MD5:
b403b8369ad51c63b5bdbb32846ac923

SHA-1:
57f330763d9874202e386624ef6732d561e056d8

SHA-256:
82d5e40cde5a3ad95671dc859df467a2f8fe634a99d17418d6452031b4cfda79

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 8:20:57 AM UTC

Scan engine             Detection                       Engine version
Lavasoft Ad-Aware       Adware.OfferMosquito.A          567
Agnitum Outpost         PUA.Bho                         7.1.1
AVG                     Generic                         2016.0.3045
Bitdefender             Adware.OfferMosquito.A          1.0.20.995
Dr.Web                  Adware.Bho.4009                 9.0.1.0199
Emsisoft Anti-Malware   Adware.OfferMosquito            8.15.07.18.03
F-Secure                Adware.OfferMosquito.A          11.2015-18-07_7
G Data                  Adware.OfferMosquito            15.7.25
K7 AntiVirus            Riskware                        13.195.14983
Kaspersky               not-a-virus:AdWare.Win32.Agent  14.0.0.1719
Malwarebytes            PUP.Optional.OfferMosquito.A    v2015.07.18.03
MicroWorld eScan        Adware.OfferMosquito.A          16.0.0.597
NANO AntiVirus          Trojan.Win32.Generic.dbxkgn     0.30.0.65070
nProtect                Adware.OfferMosquito.A          15.02.16.01
Reason Heuristics       PUP.BeboMedia.Installer (M)     15.7.18.3
Sophos                  Generic PUA GO                  4.98
Trend Micro House Call  TROJ_GE.46A4BDB5                7.2.199
VIPRE Antivirus         BeboMedia                       37628

File size:
2.1 MB (2,239,256 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\omesuperv.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/15/2013 7:20:49 AM

Valid to:
10/16/2014 7:20:49 AM

Subject:
E=office@bebomedia.com, CN=Bebo Media Ltd., O=Bebo Media Ltd., L=Tortola, S=Tortola, C=VG

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C31FCB2852745C71A0A38B8A13B20EF7

File PE Metadata
Compilation timestamp:
12/5/2009 8:53:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:QO0S8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS901:QObaVU9Fz+Mb/J7SIjIwYYxx0N61

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
