home

cashnback.exe

Aplicação do Cash 'n Back

RBM SOLUCOES EM INFORMATICA LTDA - EPP

The application cashnback.exe by RBM SOLUCOES EM INFORMATICAA - EPP has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Aplicação do Cash 'n Back”. This file is typically installed with the program Cash 'n Back by RBM Solutions.
Publisher:
RBM Solutions  (signed by RBM SOLUCOES EM INFORMATICA LTDA - EPP)

Product:
Aplicação do Cash 'n Back

Version:
1.0.2

MD5:
e00868d7d4b37d75baa3ba9147f87de0

SHA-1:
6a56612627dc386785a8dcfa8db5fe1f048d937a

SHA-256:
39b1f67c1f3be254a7ad2b6a2cd286578f2d5ca906db39834cf194f2fed84c45

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:
4/19/2024 2:57:20 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adpeak.Cashback.Meta (M)
16.3.28.8

File size:
399.1 KB (408,688 bytes)

Product version:
1.0.2

Copyright:
(c) RBM Solutions LTDA. All rights reserved.

Original file name:
CashNBack

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Common path:
C:\Program Files\rbm\cashnback\cashnback.exe

Digital Signature
Signed by:
RBM SOLUCOES EM INFORMATICA LTDA - EPP

Authority:
DigiCert Inc

Valid from:
1/13/2014 10:00:00 PM

Valid to:
12/9/2014 10:00:00 AM

Subject:
CN=RBM SOLUCOES EM INFORMATICA LTDA - EPP, O=RBM SOLUCOES EM INFORMATICA LTDA - EPP, L=São Paulo, S=São Paulo, C=BR, PostalCode=04125120, STREET="Rua Delmira Ferreira, 178", SERIALNUMBER=17834147000180, OID.1.3.6.1.4.1.311.60.2.1.3=BR, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0159F824AE51D90E04B4ACA79A1BB571

File PE Metadata
Compilation timestamp:
11/7/2013 6:13:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
6144:lc5kx9n3QUlhsjkvlOFH8uR/Ti99B4n6fR3xDZiuOv3N4:lc5kPzsjIcl8u9EpfRJZirN4

Entry address:
0x27891

Entry point:
E8, C1, A2, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, EC, 2C, A1, 80, E5, 44, 00, 33, C5, 89, 45, FC, 56, FF, 75, 0C, 8B, 75, 08, 8D, 4D, D4, E8, D7, EC, FF, FF, 85, F6, 75, 14, E8, 44, 28, 00, 00, C7, 00, 16, 00, 00, 00, E8, AA, 76, 00, 00, D9, EE, EB, 4B, 8B, 55, D4, 83, 7A, 74, 01, 7E, 17, 8D, 45, D4, 50, 0F, B6, 06, 6A, 08, 50, E8, CA, 5C, 00, 00, 8B, 55, D4, 83, C4, 0C, EB, 10, 0F, B6, 0E, 8B, 82, 90, 00, 00, 00, 0F, B7, 04, 48, 83, E0, 08, 85, C0, 74, 03, 46, EB, CC, 8D, 45, D4, 50, 8D, 45, E4, 56...
 
[+]

Code size:
251 KB (257,024 bytes)

Service
Display name:
Aplicação do Cash 'n Back

Service name:
CashNBack Application

Type:
Win32OwnProcess


The file cashnback.exe has been discovered within the following program.

Cash 'n Back  by RBM Solutions
ncupons.com.br/cashback
About 1% of users remove it
 
Powered by Should I Remove It?

Remove cashnback.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.