omesuperv.exe

Bebo Media Ltd.

The application omesuperv.exe by Bebo Media has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Bebo Media Ltd.  (signed and verified)

MD5:
79c81ee21f863335e9b7365612c65baf

SHA-1:
7ef7e415c966a865d14684783a06432ce7e98621

SHA-256:
61af50780b04a21a5298f87251e5dfc4da397e574c16774d276ba667ce619d6f

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 3:53:32 PM UTC

Scan engine             Detection                     Engine version
Lavasoft Ad-Aware       Adware.OfferMosquito.A        6532367
Agnitum Outpost         PUA.Bho                       7.1.1
avast!                  NSIS:OfferMosquito-A [PUP]    2014.9-150317
AVG                     Generic                       2016.0.3167
Bitdefender             Adware.OfferMosquito.A        1.0.20.380
Dr.Web                  Threat.Undefined              9.0.1.05190
Emsisoft Anti-Malware   Adware.OfferMosquito          9.0.0.4799
F-Secure                Adware.OfferMosquito.A        11.2015-17-03_3
G Data                  Adware.OfferMosquito          15.3.25
K7 AntiVirus            Riskware                      13.201.15291
Malwarebytes            PUP.Optional.OfferMosquito.A  v2015.03.17.05
McAfee                  Artemis!724B1F4D8C54          5600.6823
MicroWorld eScan        Adware.OfferMosquito.A        16.0.0.228
NANO AntiVirus          Trojan.Win32.Generic.dbxkgn   0.30.8.659
nProtect                Adware.OfferMosquito.A        15.03.17.01
Reason Heuristics       PUP.Installer.BeboMedia       15.3.17.17
Sophos                  Generic PUA GO                4.98
Trend Micro House Call  TROJ_GEN.F47V1210             7.2.76
VIPRE Antivirus         Threat.4887699                37788

File size:
2.1 MB (2,230,128 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\omesuperv.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/15/2013 6:20:49 AM

Valid to:
10/16/2014 6:20:49 AM

Subject:
E=office@bebomedia.com, CN=Bebo Media Ltd., O=Bebo Media Ltd., L=Tortola, S=Tortola, C=VG

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C31FCB2852745C71A0A38B8A13B20EF7

File PE Metadata
Compilation timestamp:
12/5/2009 5:53:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:st3Ke0qS8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS90c:s5r0laVU9Fz+Mb/J7SIjIwYYxx0N6c

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9920

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
