home

catalinasavingsprinter.exe

Catalina Savings Printer

Catalina Marketing Corp.

The application catalinasavingsprinter.exe, “Setup Launcher Unicode” by Catalina Marketing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. This file is typically installed with the program Coupon Printer for Windows by Coupons.com Incorporated which is a potentially unwanted software program. The file has been seen being downloaded from print.couponnetwork.com.
Publisher:
Catalina Marketing Corp  (signed by Catalina Marketing Corp.)

Product:
Catalina Savings Printer

Description:
Setup Launcher Unicode

Version:
1.0.0

MD5:
2ddd363370f0f5a6c534c73b9d2754b1

SHA-1:
52e580935b800c6236f1aff6903dee8d83adab54

SHA-256:
a58cae843fc44a705fa78bebd6e46a82c82d173529d949d83744188df18d1d2f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/18/2024 7:59:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.CatalinaMarketingCorp.W
14.3.2.10

File size:
3.7 MB (3,834,608 bytes)

Product version:
1.0.0

Copyright:
Copyright (C) 2011 Flexera Software, Inc. and/or InstallShield Co. Inc. All Rights Reserved.

Original file name:
InstallShield Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\catalinasavingsprinter.exe

Digital Signature
Signed by:
Catalina Marketing Corp.

Authority:
Thawte, Inc.

Valid from:
6/3/2013 8:00:00 PM

Valid to:
6/23/2015 7:59:59 PM

Subject:
CN=Catalina Marketing Corp., OU=Catalina Marketing Corp., O=Catalina Marketing Corp., L=Saint Petersburg, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A236906277CCA1D180B2EC92A3F5D7D

File PE Metadata
Compilation timestamp:
11/2/2011 1:08:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:nxFfWb52LVbGc2JO+f3mF1zzRFcmx08FbKS5:xFg2BiO+f3mnXR6KFbKS5

Entry address:
0x6A96B

Entry point:
E8, 6E, 27, 01, 00, E9, 79, FE, FF, FF, 85, C0, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 0F, B6, 00, 0F, B6, 09, 2B, C1, 74, 0D, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 66, 8B, 06, 66, 3B, 01, 74, 35, 0F, B6, 11, 0F, B6, C0, 2B, C2, 74, 11, 33, D2, 85, C0, 0F, 9F, C2, 8D, 54, 12, FF, 8B, C2, 85, C0, 75, 1C, 0F, B6, 46, 01, 0F, B6, 49, 01, 2B, C1, 74, 10, 33, C9, 85, C0, 0F, 9F, C1, 8D, 4C, 09, FF, 8B, C1, C3, 33, C0, C3, 8B, 06, 3B, 01, 74, 6F, 0F, B6, 11, 0F, B6, C0...
 
[+]

Entropy:
7.7854  (probably packed)

Code size:
696.5 KB (713,216 bytes)

The file catalinasavingsprinter.exe has been discovered within the following program.

Coupon Printer for Windows  by Coupons.com Incorporated
Coupon Printer for Windows is software that allows users to build and print coupons that will be accepted at retail stores from Coupons.com. The printer application also bundles the CouponBar, a web browser toolbar.
www.coupons.com
69% remove it
 
Powered by Should I Remove It?

The file catalinasavingsprinter.exe has been seen being distributed by the following URL.

http://print.couponnetwork.com/cif/download/.../UPA/1.0.0/WIN/.../CatalinaSavingsPrinter.exe

Remove catalinasavingsprinter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.