home

JP Media Group

Publisher Information

JP Media Group is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
10/28/2012 9:00:00 AM

Valid to:
12/28/2014 8:59:59 AM

Subject:
CN=JP Media Group, OU=EC Team, O=JP Media Group, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
61f1a0d73ef91ea0ed864432a96cac0a

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.JPMediaGroup.I, PUP.JPMediaGroup.H, Threat.JPMediaGroup, PUP.JPMediaGroup (M), PUP.JPMediaG (M), PUP (M)
100.00%

McAfee
Artemis!6ABD55FBDF81, Artemis!0D7A0179BD39, Artemis!F4EE94EFFF4C, Artemis!6373491EEB3E, Artemis!60DCC6038731, Artemis!A6795E32D8F0, Artemis!B6371A4FEC57, Artemis!09F76F2384A3, Artemis!98EBC9CD09C7
38.00%

Avira AntiVirus
TR/Agent.bta, Adware/CloverPlus.122304, Adware/CloverPlus.273856.2, Adware/Symmi.31567, ADWARE/CloverPlus.273856, ADWARE/CloverPlus.273856.1
38.00%

ESET NOD32
Win32/Adware.CloverPlus.AB (variant), Win32/Adware.CloverPlus.AD (variant)
38.00%

Fortinet FortiGate
Riskware/CloverPlus, Adware/CloverPlus, W32/Genome.AB!tr.dldr
36.00%

Dr.Web
DLOADER.Trojan, Trojan.DownLoader11.43310, Trojan.DownLoader11.37976, Adware.CloverPlus.3, Adware.Kraddare.6, Trojan.Adkor.157
36.00%

Kaspersky
not-a-virus:AdWare.Win32.CloverPlus
34.00%

AhnLab V3 Security
PUP/Win32.CloverPlus, PUP/Win32.WinKeyword, PUP/Win32.MulDown
34.00%

VIPRE Antivirus
Trojan.Win32.Generic
32.00%

Sophos
Generic PUA EP, Generic PUA GJ, Generic PUA JK, Generic PUA NK, Generic PUA DP, Generic PUA NI, Generic PUA FB, Generic PUA LK
32.00%

1 / 68      (Adware)
install_poten1.exe  (4e560f7c357a57e3712f63512ae3cfd4)

1 / 68      (Adware)
WinKeyword.EXE  (591352ffb233eb6e0a1d81846d99c0ca)

1 / 68      (Adware)
bt_neo6.exe  (6a7ded11e1d70f55f8b370ddf04740ea)

1 / 68      (Adware)
WinKeyword.EXE  (94de0b200bf572b0a40bcd10a89a90d2)

1 / 68      (Adware)
install_neo8.exe  (11d49d4764ed6f9638d7f5ce9fb1064d)

1 / 68      (Adware)
btipv32.exe  (0a5a757bb834716c22b8be123a3a528c)

1 / 68      (Adware)
wkk14si.exe  (ed8492c1aaccb2c8e32e751e4758fd67)

1 / 68      (Adware)
WinKeyword.EXE  (e0c4cc41be757077a9935cdb461c2679)

1 / 68      (Adware)
install_neo9.exe  (e318b019ce8875f4dc48650c61155d12)

1 / 68      (Adware)
bticon.exe  (dcbdea40239fd93c56917314dbe73fff)

1 / 68      (Adware)
btipv32.exe  (31fe6891d7d4edaa737cb8592c10c69a)

1 / 68      (Adware)
btiupv32.exe  (4da6b720c85be92b6efff711ba93b511)

1 / 68      (Adware)
btipv32.exe.temp  (11cb5e7b4dbba901a8d3387236c329e0)

1 / 68      (Adware)
btipv32.exe.temp  (f12f29c2a1343ba15e0a96b4f1a8d19d)

1 / 68      (Adware)
btipv32.exe  (c259169b673951cafa4eb273f64ab528)

1 / 68      (Adware)
btipv32.exe  (76586349ccf4eef8b1ee2836665066b0)

1 / 68      (Adware)
WinKeyword.EXE  (f46ad6e9f8f51c5ad76dfe005b261fc1)

1 / 68      (Adware)
bt_neo3.exe  (fe2cad5d1b5a84babddc737cac10c124)

1 / 68      (Adware)
wd_id07.exe  (b90eb8da429042e42887c1c7586b4d4d)

1 / 68      (Adware)
WinKeyword.EXE  (599e792db3be64534286e5637f9adb85)

1 / 68      (Adware)
btipv32.exe  (3af9c137346376d1313e06428a61fcc4)

1 / 68      (Adware)
bt_ecu2.exe  (ad097b38da0beceaa231644c15a7eaf1)

1 / 68      (Adware)
bticon.exe  (ea44f75a84c7a90cd054ee39aeffb20d)

1 / 68      (Adware)
install_neo2.exe  (ff2b560aaea737d5c7e5e0e5220c8175)

32 / 68    (Adware)
WinKeyword.EXE  (acb279b890958699283a66a13b225b7f)

1 / 68      (Adware)
winkeyword_up.exe  (7a1b313ffc59cfa1b8ec2901794d6606)

1 / 68      (Adware)
wkv3_i02d.exe  (3e5edb5eac9c71cb43cd40cb0ab0d808)

1 / 68      (Adware)
install_poten1.exe  (f0d424ff265206238aa9914cadd23d07)

1 / 68      (Adware)
winkeyword_up.exe  (466adfc8c552ad9f8d2140f09fb6df57)

32 / 68    (Adware)
WinKeyword.EXE  (54fd475f502cc934f73b4e7eb66b42b7)

 
Latest 30 of 75 files

The certificates below are also signed by JP Media Group.

5DCA728C6C583BA5620015FA14BE4148  (Nov 25, 2014 to Jan 24, 2017)

0264FB9EF73388FA8CADCF87B14D7C00  (Nov 21, 2011 to Nov 21, 2012)

* Note, the details and description above are based on the code signing digital signature issued to JP Media Group by Thawte, Inc. on October 28, 2012 with the serial number '61f1a0d73ef91ea0ed864432a96cac0a'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.