vopackage.exe

ClickMeIn Limited

The application vopackage.exe by ClickMeIn Limited has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. Additionally, the file is typically installed by a number of programs including Remote Desktop Access (VuuPC) by CMI Limited and Installer by ClickMeIn Limited, both potentially unwanted software. It is also typically executed from an Internet Explorer cache folder.
Publisher:
ClickMeIn Limited  (signed and verified)

Description:
VOPackage

Version:
1.0.0.0

MD5:
a0a50362c6e1d86e9290d279378caadd

SHA-1:
91a6a37448b95c1bba932e6515d6206a0b38c70b

SHA-256:
7f5e0efc04c0328dcb15443d73fa9ed548d384ce990c2331413dfaeac6104a37

Scanner detections:
3 / 68

Status:
Adware

Explanation:
May bundle potentially unwanted software during setup with minimal user consent.

Analysis date:
7/25/2014 4:26:26 PM UTC  (one month ago)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.1411
9.0.1.01

Kingsoft AntiVirus
Win32.Troj.Undef.(kcloud)
331020.49267

Reason Heuristics
Adware.CMI.ClickMeInLimited.J
14.7.25.12

File size:
593.4 KB (607,624 bytes)

Product version:
1.0.0.0

Copyright:
Copyright 2013

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\Users\user\Downloads\vopackage.exe  (downloaded from the Internet)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/11/2012 4:00:00 PM

Valid to:
3/2/2015 3:59:59 PM

Subject:
CN=ClickMeIn Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ClickMeIn Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0181B78FA98E62B38390017BFFA25E8C

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:XIF+ZPPfnEUnPkXwJ5VI8K5r0S9gyRniwarfzJOIuSfL1fhYFaK7Q78bZQgIkO:XBlvYAJ5C8Kh00ar1z9L1YHQ7OdIkO

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9574

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file vopackage.exe has been discovered within the following programs.

Installer  by ClickMeIn Limited
This is an adware bundler called VOPackage (includes and installs various adware offers) using a standard installer such as Nullsoft which downloads such offers remotely.
www.clickmein.com
87% remove it
Developed and distributed through bundled installer from Click Me In, a division of ironSource. The software may be bundled by 3rd-party products using the InstallCore distribution platform.
vuupc.com/terms.html
About 82% of users remove it
VO Package  by ClickMeIn Limited
This is an adware bundle distributed through a download manager. These packages are ad-supported that include the original program as well as the included advertiser software, mostly web browser extensions for search and coupons.
clickmein.com
87% remove it
 
Powered by Should I Remove It?

5 / 68      (Adware)
setup.exe  (851c8be6b029edf880b8b157e542b9de9b00c94a)

10 / 68    (Adware)
clickmeinsetup.exe  (4258eb4c633cf4c21d6feb47f7219bfdb552aa17)

3 / 68      (Adware)
manualregister.exe  (40b6b7bf6c646eed8cbeb62a5ea09a912a2c0fb0)

5 / 68      (Adware)
nsge527.tmp.exe  (4b97f01283ef93f4195ad5ceeec92153a75e987a)

8 / 68      (Adware)
icreinstall_ml-2010 driver -windows 7-8-setup.exe  (c90f7597d7fc3011e0a0470bbb17b297c7dc043a)

1 / 68      (Adware)
latestclickmeinsetup1.0.0.180.exe  (867c00ad40b23cf655b48c9cbbd21159e31d6018)

2 / 68      (Adware)
latestclickmeinsetup1.0.0.181.exe  (d46ac3149b90ae8f1ecdc07f35492a0f3d5dab1d)

9 / 68      (Adware)
icreinstall_vuupc_setup.exe  (2cee752726fcd2682da0dfdde94ebdeaf3acd5a6)

10 / 68    (Adware)
anyprotectscannersetup.exe  (124eb7700ef1bf1d67a5933b5e8afc20f92fa67a)

2 / 68      (Adware)
connectivity.exe (by ClickMeIn Limited)  (1346ebcb08bba098095d0eb9acdf9b451ac95802)

1 / 68      (Adware)
remoteenginehelper.exe (by ClickMeIn Limited)  (38bd7b656d5ba24597890437041cd97e20c5bb6a)

2 / 68      (Adware)
remoteengine.exe (by ClickMeIn Limited)  (b03f5fa591cf9a50c345d7b423a082e90f842cb0)

1 / 68      (Adware)
vuupcupdater.exe  (b051e01293bc3857c9767ff2a2adbe76ccdb90ec)

5 / 68      (Adware)
nsgb023.tmp.exe  (350d07e207357a593fb4fb9220c3ce784b0bb3ce)

12 / 68    (Adware)
clickmeingeneric.exe  (606a78a3cde9840f3add1f92a540864bb401ccf0)

1 / 68      (Adware)
icreinstall_anysendsetup.exe  (46782a1178c46d7d6a64d6a38822849a8408d261)

Detection Incidence by Country