omesuperv.exe

Bebo Media Ltd.

The application omesuperv.exe by Bebo Media has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It runs as a Windows Task Scheduler task named OMESupervisor, which is triggered to execute each time a user logs in.
Publisher:
Bebo Media Ltd.  (signed and verified)

MD5:
cbaac17296b90c5b47fe47bc62ffaa35

SHA-1:
dfc322c2b6ee7ac84f657262bbf04055ca05c671

SHA-256:
7e548be064bb61b6a19d6d81585b500e958faea03b96d5262d8171fd36ea184d

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 5:22:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.OfferMosquito.A | 513 |
| Agnitum Outpost | PUA.Bho | 7.1.1 |
| AVG | Generic | 2016.0.2991 |
| Bitdefender | Adware.OfferMosquito.A | 1.0.20.1260 |
| Dr.Web | Adware.Bho.4009 | 9.0.1.0252 |
| Emsisoft Anti-Malware | Adware.OfferMosquito | 8.15.09.09.01 |
| F-Secure | Adware.OfferMosquito.A | 11.2015-09-09_4 |
| G Data | Adware.OfferMosquito | 15.9.25 |
| K7 AntiVirus | Riskware | 13.194.14970 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1452 |
| Malwarebytes | PUP.Optional.OfferMosquito.A | v2015.09.09.01 |
| McAfee | Artemis!724B1F4D8C54 | 5600.6647 |
| MicroWorld eScan | Adware.OfferMosquito.A | 16.0.0.756 |
| NANO AntiVirus | Trojan.Win32.Generic.dbxkgn | 0.30.0.65070 |
| nProtect | Adware.OfferMosquito.A | 15.02.13.01 |
| Reason Heuristics | PUP.BeboMedia.Installer (M) | 15.9.9.13 |
| Sophos | Generic PUA GO | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0205 | 7.2.252 |
| VIPRE Antivirus | BeboMedia | 37596 |

File size:
2.2 MB (2,259,360 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\omesuperv.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/15/2013 11:20:49 AM

Valid to:
10/16/2014 11:20:49 AM

Subject:
E=office@bebomedia.com, CN=Bebo Media Ltd., O=Bebo Media Ltd., L=Tortola, S=Tortola, C=VG

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C31FCB2852745C71A0A38B8A13B20EF7

File PE Metadata
Compilation timestamp:
12/5/2009 10:53:24 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:TOeFS8OERVUYv3/dfCFzbq5mb/pHVNSIKb6ImzYtpExyQbxqNOS905:TOemaVU9Fz+Mb/J7SIjIwYYxx0N65

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9922

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

Scheduled Task
Task name:
OMESupervisor

Trigger:
Logon (Runs on logon)

