beecoupons.exe

Engaging Apps

This is the installer application for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the web browser's home and search pages. The application beecoupons.exe by Engaging Apps has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Engaging Apps  (signed and verified)

MD5:
b769e632dfe3e5070d132db1815cd43b

SHA-1:
933d80a72fe5ba043aff1999ab5f2c7cb94e666c

SHA-256:
5ba6162180bad180ba0be80e6a5a607a90aa22579501bc7137b23da5e01d7586

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
5/25/2024 10:30:56 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.Crossrider.7022 | 9.0.1.097
McAfee | Artemis!B769E632DFE3 | 5600.7168
Reason Heuristics | PUP.EngagingApps.K | 14.8.7.21
Sophos | AppRider | 4.98
Trend Micro House Call | TROJ_GEN.F47V0319 | 7.2.97
VIPRE Antivirus | GamePlayLabs | 27988

File size:
1.1 MB (1,113,576 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\beecoupons.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 8:00:00 PM

Valid to:
6/4/2014 7:59:59 PM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:FtLtObcg1MVuWlYFVBKIne5mqr0qAyLEzjP4S/EP1/3KMPM6E6uG1EEf:F1wbRWlQVkmK0qAy4zH6KP6EVG1EEf

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9574  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file beecoupons.exe has been seen being distributed by the following URL.
