kmpaddedcode_oppercd.exe

Groovecom

The application kmpaddedcode_oppercd.exe by Groovecom has been detected as adware by 18 of 68 anti-malware scanners. It is a setup program used to install the application. Once installed, it plugs into the web browser and displays context-based advertisements, either by overwriting existing ads or by inserting new ones into various web pages. It is typically executed from the user's temporary directory. The file has been seen being downloaded from files4.downloadnet253.com and multiple other hosts.
Publisher:
Groovecom  (signed and verified)

Product:
Groovecom

Version:
80.8.8.8035

MD5:
89af618ab628700ca629fef8292d5796

SHA-1:
5096ae58195060d60781ab3da0b576826c51eba9

SHA-256:
229eead7196c37d207f22458ea79880b5f16b9b1ec52ad14b98319453b989ca6

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Analysis date:
5/20/2024 1:54:43 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 431
Agnitum Outpost | Riskware.Agent | 7.1.1
AVG | Generic | 2016.0.2909
Bitdefender | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 1.0.20.1670
Bkav FE | W32.HfsAdware | 1.3.0.7383
Clam AntiVirus | Win.Trojan.Downloadadmin-248 | 0.98/21511
Dr.Web | Trojan.Vittalia.1198 | 9.0.1.0334
ESET NOD32 | Win32/DownloadAdmin.P potentially unwanted (variant) | 9.12617
Fortinet FortiGate | Riskware/DownloadAdmin | 11/30/2015
F-Secure | Gen:Variant.Application.Bundler | 11.2015-30-11_2
G Data | Gen:Variant.Application.Bundler.DownloadAdmin | 15.11.25
IKARUS anti.virus | PUA.DownloadAdmin | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.212.17959
MicroWorld eScan | Gen:Variant.Application.Bundler.DownloadAdmin.4 | 16.0.0.1002
Reason Heuristics | PUP.DownloadAdmin.Groovecom.Installer (M) | 15.11.30.21
Rising Antivirus | PE:Adware.DownloadAdmin!1.A243 [F] | 23.00.65.151128
VIPRE Antivirus | Trojan.Win32.Generic | 45400
Zillya! Antivirus | Adware.BrowseFox.Win32.191000 | 2.0.0.2527

File size:
871.3 KB (892,240 bytes)

Product version:
80.8.8.8035

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe

Digital Signature
Signed by:
Groovecom
Authority:
GoDaddy.com, Inc.

Valid from:
11/11/2015 8:18:38 PM

Valid to:
9/10/2016 8:39:55 PM

Subject:
CN=Groovecom, O=Groovecom, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00A5A543D1F82F75E7

File PE Metadata
Compilation timestamp:
11/4/2014 6:12:01 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9GLVJOFbaPq7JeErrminQ0QNhmZCtyUHeo0TZf4JfZbTlxj4qGRrrAQynvTdcCTZ:IEWiVa0Q0QNttyiAQZbD4rRfZy/RvaIr

Entry address:
0x2026

Entry point:
E8, D5, B8, 00, 00, E9, D3, B1, 00, 00, FF, 25, B0, 40, 41, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, EC, 20, B9, 1E, 00, 00, 00, 8D, 04, 24, EB, 03, 8D, 49, 00, C6, 00, 00, 40, 83, E9, 01, 75, F7, 53, 55, 8B, 6C, 24, 2C, 56, 8B, C5, 57, 8D, 50, 01, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, 8B, F8, 8D, 5F, 02, 53, FF, 15, F4, F1, 40, 00, 83, C4, 04, 53, 8B, F0, 55, 56, FF, 15, 44, F0, 40, 00, C6, 04, 3E, 00, C6, 44, 3E, 01, 00, 8D, 4C, 24, 10, B8, 14, 04, 00, 00, 51, 89, 74, 24, 1C, C7, 44, 24, 18, 03, 00...

Code size:
52.5 KB (53,760 bytes)
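The hashes, size, common path and PE header fields listed above are the indicators a responder actually checks a suspect file against. The following Python is an added example, not part of this report and not Reason Core Security's software: it computes the hashes, parses the DOS, COFF and PE32 optional headers for the same "File PE Metadata" fields the report shows, matches a path against the report's common-path pattern, and lists which observed fields differ from the report's values. It uses only the standard library. The PE bytes it analyses are a constructed minimal header carrying the report's values, not the real kmpaddedcode_oppercd.exe, so its hashes will not match the report; that mismatch is the expected result for anything other than the original file.

```python
"""Triage helper for the indicators in this report (added example, not the
report's or Reason Core Security's code). Standard library only. The PE
sample built at the bottom is a constructed minimal header, not the real
kmpaddedcode_oppercd.exe.
"""
import hashlib
import re
import struct
from datetime import datetime, timezone

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "89af618ab628700ca629fef8292d5796",
    "sha1": "5096ae58195060d60781ab3da0b576826c51eba9",
    "sha256": "229eead7196c37d207f22458ea79880b5f16b9b1ec52ad14b98319453b989ca6",
    "size": 892240,
    "compile_time": datetime(2014, 11, 4, 6, 12, 1, tzinfo=timezone.utc),
    "os_version": (5, 0),
    "subsystem": 2,          # IMAGE_SUBSYSTEM_WINDOWS_GUI
    "linker_version": (9, 0),
    "entry_address": 0x2026,
    "code_size": 53760,
}

# Report's common path: C:\users\{user}\appdata\local\temp\{random}.tmp\kmpaddedcode_oppercd.exe
COMMON_PATH_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\[^\\]+\.tmp\\kmpaddedcode_oppercd\.exe$",
    re.IGNORECASE,
)


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and size, as the report lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def pe_metadata(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)          # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                              # COFF header is 20 bytes
    magic, link_major, link_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    (entry,) = struct.unpack_from("<I", data, opt + 16)          # AddressOfEntryPoint (RVA)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        # TimeDateStamp is written by the linker and trivially forgeable: a hint, not evidence.
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "os_version": (os_major, os_minor),
        "subsystem": subsystem,
        "linker_version": (link_major, link_minor),
        "entry_address": entry,
        "code_size": size_of_code,
    }


def matches_common_path(path: str) -> bool:
    """True if the path fits the random-*.tmp-under-Temp pattern the report gives."""
    return COMMON_PATH_RE.match(path) is not None


def mismatches(observed: dict, iocs: dict = REPORT_IOCS) -> list:
    """Names of fields present in both dicts whose observed value differs from the report."""
    return sorted(k for k in iocs if k in observed and observed[k] != iocs[k])


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 header carrying the report's PE metadata values (not the real file)."""
    ts = int(REPORT_IOCS["compile_time"].timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                         # PE32 optional header size
    struct.pack_into("<HBBI", opt, 0, 0x10B, 9, 0, 53760)        # magic, linker 9.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x2026)                      # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                       # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    print("PE fields differing from report:", mismatches(pe_metadata(sample)))
    print("hash fields differing from report:", mismatches(file_hashes(sample)))
    print(matches_common_path(r"C:\Users\alice\AppData\Local\Temp\is-K9Q2.tmp\kmpaddedcode_oppercd.exe"))
```

On a real triage the hashes decide identity; the PE fields and path only corroborate a variant or a repack. Note that the compilation timestamp (11/4/2014) predates the signing certificate's validity start (11/11/2015) by a year; that is consistent with the report but, since the linker stamp is attacker-controlled, it is not evidence on its own. Dumping the entry-point bytes shown in the report would additionally require mapping the entry RVA through the section table, which this block deliberately leaves out.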

The file kmpaddedcode_oppercd.exe has been seen being distributed by the following 8 URLs.

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=75045&cb=1303253992

http://files4.downloadnet253.com/dl-pure/.../?bc=1188307&checksum=75045&cb=-661454592
