omesuperv.exe

Bebo Media Ltd.

The application omesuperv.exe by Bebo Media has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
Bebo Media Ltd.  (signed and verified)

MD5:
eabb903e8bc0b7829126a34b715d20b2

SHA-1:
a67de062bb4ab2967f67ca51741f175c8876663c

SHA-256:
77b3c0789ea73c18f4b5013723919e8d73652360e43d8e2bba9c03a78b24d94d

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 12:18:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.OfferMosquito.A | 594 |
| Agnitum Outpost | PUA.Bho | 7.1.1 |
| AVG | Generic | 2016.0.3072 |
| Bitdefender | Adware.OfferMosquito.A | 1.0.20.860 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Bho.4009 | 9.0.1.0172 |
| Emsisoft Anti-Malware | Adware.OfferMosquito | 8.15.06.21.11 |
| F-Secure | Adware.OfferMosquito.A | 11.2015-21-06_1 |
| G Data | Adware.OfferMosquito | 15.6.25 |
| K7 AntiVirus | Riskware | 13.202.15341 |
| Malwarebytes | PUP.Optional.OfferMosquito.A | v2015.06.21.11 |
| McAfee | Artemis!EABB903E8BC0 | 5600.6728 |
| MicroWorld eScan | Adware.OfferMosquito.A | 16.0.0.516 |
| NANO AntiVirus | Trojan.Win32.Generic.dbxkgn | 0.30.8.659 |
| nProtect | Adware.OfferMosquito.A | 15.03.20.01 |
| Reason Heuristics | PUP.BeboMedia.Installer (M) | 15.6.21.7 |
| Sophos | Generic PUA GO | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0215 | 7.2.172 |
| VIPRE Antivirus | BeboMedia | 38670 |

File size:
2.1 MB (2,239,264 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\omesuperv.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/15/2013 12:20:49 PM

Valid to:
10/16/2014 12:20:49 PM

Subject:
E=office@bebomedia.com, CN=Bebo Media Ltd., O=Bebo Media Ltd., L=Tortola, S=Tortola, C=VG

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C31FCB2852745C71A0A38B8A13B20EF7

File PE Metadata
Compilation timestamp:
12/5/2009 11:53:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:OO0S8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS904:OObaVU9Fz+Mb/J7SIjIwYYxx0N64

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
