browsecoupon_setup.exe

Pavel KRASNOV

This installer, built with WebPick's InstalleRex, is designed to bundle additional software offerings such as adware and malware, mostly web browser extensions, into its download manager with minimal user consent. In most cases the setup process installs a browser extension for IE, Chrome and Firefox by default. browsecoupon_setup.exe by Pavel KRASNOV has been detected as adware by 25 anti-malware scanners. It uses Web-Pick's InstalleRex download manager and installer to bundle potentially unwanted ad-supported software, including toolbars and browser extensions, through a pay-per-install monetization scheme.
Publisher:
Pavel KRASNOV  (signed and verified)

MD5:
e8c52f13fa5070e016f5b4ab35b09118

SHA-1:
be2d9ec2b91db0fb9778fa2b2654aa9523ab74bc

SHA-256:
f47e04c6aa500cd7c67a6a07f33e8f5c0fb085a45f54be22f4afcb8ea39d5941

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers in the installer/setup process.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 7:25:23 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Dropper.101 | 1018
Agnitum Outpost | PUA.MultiPlug | 7.1.1
AhnLab V3 Security | Adware/Win32.Agent | 14.04.23
Avira AntiVirus | ADWARE/Adware.Gen7 | 7.11.144.202
avast! | Win32:InstalleRex-AT [PUP] | 2014.9-140423
AVG | Generic5 | 2015.0.3496
Bitdefender | Gen:Variant.Adware.Dropper.101 | 1.0.20.565
Comodo Security | Application.Win32.MegaSearch.ATH | 18153
Dr.Web | Trojan.Crossrider.1760 | 9.0.1.0113
Emsisoft Anti-Malware | Gen:Variant.Adware.Dropper.101 | 8.14.04.23.07
ESET NOD32 | Win32/AdWare.MultiPlug (variant) | 8.9710
F-Secure | Gen:Variant.Adware.Dropper.101 | 11.2014-23-04_4
G Data | Gen:Variant.Adware.Dropper.101 | 14.4.24
IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.6.1.0
K7 AntiVirus | Unwanted-Program | 13.176.11847
Malwarebytes | PUP.Optional.MultiPlug.A | v2014.04.23.07
McAfee | MPlug!E8C52F13FA50 | 5600.7152
MicroWorld eScan | Gen:Variant.Adware.Dropper.101 | 15.0.0.339
NANO AntiVirus | Trojan.Win32.Crossrider.cuaztf | 0.28.0.59492
Panda Antivirus | Trj/Genetic.gen | 14.04.23.07
Reason Heuristics | PUP.Installer.PavelKRASNOV.S | 14.4.23.6
Rising Antivirus | PE:Malware.MultiPlug!6.13CF | 23.00.65.14421
Sophos | MultiPlug | 4.98
Vba32 AntiVirus | BScope.Adware.MegaSearch | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 28530

File size:
602.9 KB (617,400 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
WebPick InstalleRex

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\browsecoupon_setup.exe

Digital Signature
Signed by:

Authority:
Unizeto Technologies S.A.

Valid from:
1/17/2014 7:46:29 AM

Valid to:
1/17/2015 7:46:29 AM

Subject:
E=pavel0125@hotmail.com, CN="Open Source Developer, Pavel KRASNOV", O=Pavel KRASNOV, C=RU

Issuer:
CN=Certum Level III CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
145B82E22CCF1D1A2268198D76B51075

File PE Metadata
Compilation timestamp:
2/20/2014 10:49:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:MDPzyHZUZIPd26HhBOpTHi4D5D3xxhWN0RZ:MDyZTd2+s1Bhxq0RZ

Entry address:
0x1084B

Entry point:
E8, 7E, 49, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 11, 42, 00, E8, 5F, 20, 00, 00, E8, E0, 07, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 49, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D0, 36, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.7540  (probably packed)

Code size:
97 KB (99,328 bytes)

When executed, the file has been observed making the following network communications in live environments.

TCP (HTTP):
Connects to i1.stylefun.info  (198.7.61.118:80)

TCP (HTTP):
Connects to dl.softservers.net  (184.154.145.171:80)

TCP (HTTP):
Connects to c1.getapplicationmy.info  (54.201.215.30:80)

Remove browsecoupon_setup.exe - Powered by Reason Core Security