pmropn.exe

PremierOpinion

VoiceFive Networks, Inc.

This component is part of the TMRG platform, which tracks web browsing behavior, including the sites and domains visited and the ads clicked. The application pmropn.exe by VoiceFive Networks has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program PremierOpinion by VoiceFive, Inc., which is a potentially unwanted software program. While running, it connects to the Internet address wwwc.or6.securestudies.com on port 80 using the HTTP protocol.
Publisher:
VoiceFive, Inc.  (signed by VoiceFive Networks, Inc.)

Product:
PremierOpinion

Version:
1.3.337.320 (Build 337.320)

MD5:
14ab106abf346d5fca23af58b30a1f1a

SHA-1:
c74c9fe819d43e97f3f16b47417a7264f60681ed

SHA-256:
966be78fd6e23980c71e59fce97880ec6a3ebad0a6921805de03847c660c4f23

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/26/2024 11:37:15 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.121.182
Comodo Security | ApplicUnwnt | 17490
Dr.Web | DLOADER.Trojan | 9.0.1.0358
ESET NOD32 | Win32/Adware.RK.AE (variant) | 7.9190
K7 AntiVirus | Unwanted-Program | 13.174.10609
Malwarebytes | Adware.PremierOpinion | v2013.12.24.02
Reason Heuristics | PUP.VoiceFiveNetworks.G | 14.2.16.1
Sophos | Generic Proxy-OSS Application | 4.96
Trend Micro House Call | TROJ_GEN.F47V1123 | 7.2.358

File size:
3.3 MB (3,468,088 bytes)

Product version:
1.3.337.320 (Build 337.320)

Copyright:
Copyright © 2001-2004

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\premieropinion\pmropn.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/11/2012 5:00:00 PM

Valid to:
10/8/2015 4:59:59 PM

Subject:
CN="VoiceFive Networks, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="VoiceFive Networks, Inc.", L=Reston, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DF0080A576090E4868BAC6B0E459122

File PE Metadata
Compilation timestamp:
11/13/2013 12:42:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:Q9Ke9hGnmK7dz0docCFTRHFXPy3TClgspk0XRhDS4TlJ7lNytKg:4Q7dz0docCFTRhyBom

Entry address:
0x22D695

Entry point:
E8, C3, 54, 01, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 11, D7, 62, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 97, DF, 03, 00, 8B, 45, 0C, 8B...
 

Entropy:
6.5584

Code size:
2.6 MB (2,701,312 bytes)

The file pmropn.exe has been discovered within the following program.

PremierOpinion  by VoiceFive, Inc.
Publisher's description - “VoiceFive, a comScore, Inc. company, is a leading global market research company that studies and reports on Internet trends and behavior.”
73% remove it
 

The executing file has been seen to make the following network communications in live environments.

