kmpaddedcode_oppercd.exe

Groovecom

The application kmpaddedcode_oppercd.exe by Groovecom has been detected as adware by 21 anti-malware scanners. This is a setup program which is used to install the application. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from files4.downloadnet253.com and multiple other hosts.
Publisher:
Groovecom  (signed and verified)

Product:
Groovecom

Version:
80.8.8.8035

MD5:
6227338afc10a2ccea461c462df4f44c

SHA-1:
1fbfef6484810b998a714fe465eddf739dc92a81

SHA-256:
cf6b97af64d6f7627f24a91e69e43ed37b2b294e2ab3d332ce291a3035ce1373

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
5/20/2024 2:04:13 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 411
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | Generic | 2016.0.2889
Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.1775
Bkav FE | W32.HfsAdware | 1.3.0.7383
Clam AntiVirus | Win.Trojan.Downloadadmin-248 | 0.98/21511
Comodo Security | Application.Win32.DownloadAdmin.RP | 23688
Dr.Web | Trojan.Vittalia.1198 | 9.0.1.0355
ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 9.12617
Fortinet FortiGate | Riskware/DownloadAdmin | 12/21/2015
F-Secure | Gen:Variant.Application.Bundler | 11.2015-21-12_2
G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 15.12.25
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.212.17959
McAfee | Artemis!A5C08631749C | 5600.6545
MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 16.0.0.1065
Panda Antivirus | Trj/Genetic.gen | 15.12.21.08
Reason Heuristics | PUP.DownloadAdmin.Groovecom.Installer (M) | 15.12.21.8
Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 23.00.65.151219
VIPRE Antivirus | Trojan.Win32.Generic | 45400
Zillya! Antivirus | Adware.BrowseFox.Win32.191000 | 2.0.0.2527

File size:
871.3 KB (892,240 bytes)

Product version:
80.8.8.8035

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/12/2015 1:18:38 AM

Valid to:
9/11/2016 12:39:55 AM

Subject:
CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A5A543D1F82F75E7

File PE Metadata
Compilation timestamp:
11/4/2014 11:12:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:mGLVJOFbaPq7JeErrminQ0QNhmZCtyUHeo0TZf4JfZbTlxj4qGRrrAQynvTdcCTZ:zEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIr

Entry address:
0x2026

Entry point:
E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00...
 

Entropy:
7.9690  (probably packed)

Code size:
52.5 KB (53,760 bytes)

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 6 URLs.

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=74485&cb=-976107380
