home

JP Media Group

Publisher Information

JP Media Group is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
11/25/2014 9:00:00 AM

Valid to:
1/24/2017 8:59:59 AM

Subject:
CN=JP Media Group, O=JP Media Group, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5dca728c6c583ba5620015fa14be4148

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.JPMediaGroup.H, PUP.JPMediaGroup.I, PUP.JPMediaGroup (M), PUP.JPMediaG (M), PUP (M)
100.00%

Avira AntiVirus
TR/Agent.bta, ADWARE/CloverPlus.240424, ADWARE/CloverPlus.240424.2, ADWARE/CloverPlus.236328.1, ADWARE/CloverPlus.240424.3
65.00%

AhnLab V3 Security
PUP/Win32.CloverPlus, PUP/Win32.WinKeyword
65.00%

ESET NOD32
Win32/Adware.CloverPlus.AD (variant), Win32/Adware.CloverPlus.AB (variant)
65.00%

Fortinet FortiGate
Riskware/CloverPlus
65.00%

Trend Micro House Call
Suspicious_GEN.F47V1223, TROJ_GEN.R047H09KR14, TROJ_GEN.R0C1C0OBG15, TROJ_GEN.R02ZC0OBO15, TROJ_GEN.F47V0310
60.00%

avast!
Win32:Adware-BGO [PUP], Win32:Seimon-B [Drp]
60.00%

Sophos
Generic PUA BO, Generic PUA OO, Generic PUA ON, Generic PUA GD, Generic PUA LK, Generic PUA JG
60.00%

Comodo Security
ApplicUnwnt
60.00%

IKARUS anti.virus
not-a-virus:AdWare.CloverPlus, not-a-virus:AdWare.KSG, Win32.AdWare.ADY
60.00%

1 / 68      (Adware)
WinKeyword.EXE  (ed59c6c23b0c091f59756a9ae55d9486)

1 / 68      (Adware)
btipv32.exe.temp  (d2a645498e71c67f8a6b9828f7332058)

1 / 68      (Adware)
btipv32.exe  (2d8aba8d0d12baa2d5e5382e32c83dfa)

1 / 68      (Adware)
WinKeyword.EXE  (bc181af46151ae72b1c357a6178de3d1)

1 / 68      (Adware)
btipv32.exe.temp  (3ed9feb77195c47d07dea5d22f98f366)

1 / 68      (Adware)
btipv32.exe  (9fa4495d01848e4fdba88ca8ebf34a15)

26 / 68    (Adware)
btipv32.exe  (cf44cd9e7327c6ede6bd557a49863526)

32 / 68    (Adware)
WinKeyword.EXE  (2c6f72e1244190f00921cde15f895bb3)

1 / 68      (Adware)
c_exe.exe  (b1f9c64da13e1b4d66241fd3ae15f416)

11 / 68    (Adware)
kkeywork.exe  (16fc1c5621b2dbc7cb5378c5ed253847)

32 / 68    (Adware)
WinKeyword.EXE  (296fc3f5ec7c09bb68a0e6fb4af55f7d)

31 / 68    (Adware)
WinKeyword.EXE  (bd97024346dbf969c950476668eb53d8)

25 / 68    (Adware)
btipv32.exe  (3d7fe6e2b670d3e2f61142bd543e8902)

25 / 68    (Adware)
btipv32.exe  (05d551f7726e98e2cdafead1c96647b1)

30 / 68    (Adware)
WinKeyword.EXE  (02d1976bad5a2a902be924378dcbcb67)

25 / 68    (Adware)
btipv32.exe  (36cf47de6b190da1d7b1c737bddc86b3)

16 / 68    (Adware)
c_exe.exe  (1b0bf08477ad936c27d599f0f382dab9)

25 / 68    (Adware)
btipv32.exe  (50bbf498c4d16ef0127f236ede9b2be6)

22 / 68    (Adware)
btiupv32.exe  (4ca8912c012b89de2cf1a97770a17d85)

14 / 68    (Adware)
btipv32.exe  (217b6abd3027cac4ad8b3ac6872f347f)

The certificates below are also signed by JP Media Group.

61F1A0D73EF91EA0ED864432A96CAC0A  (Oct 28, 2012 to Dec 28, 2014)

0264FB9EF73388FA8CADCF87B14D7C00  (Nov 21, 2011 to Nov 21, 2012)

* Note, the details and description above are based on the code signing digital signature issued to JP Media Group by Thawte, Inc. on November 25, 2014 with the serial number '5dca728c6c583ba5620015fa14be4148'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.