coupon caddy64.exe

Coupon Caddy

Innovative Apps

This file is part of a distribution package that is classified as adware and distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and to modify the default search and home pages. The application coupon caddy64.exe by Innovative Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
Innovative Apps  (signed and verified)

Product:
Coupon Caddy

Description:
Coupon Caddy exe

Version:
1000.1000.1000.1000

MD5:
fc6285f854b3935186ee279853f6df1f

SHA-1:
2264aa3d9d4e2d880eef684eea94088ca0d5f5b6

SHA-256:
09c6d3539839fc63aa5728a5712ec35b287bf1769ff873b745059ebb5ae8fe6c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/16/2024 8:15:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.50OnRed.InnovativeApps (M)

Engine version:
16.2.15.16

File size:
166.4 KB (170,376 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Coupon Caddy.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\coupon caddy\coupon caddy64.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/9/2013 1:00:00 AM

Valid to:
1/10/2014 12:59:59 AM

Subject:
CN=Innovative Apps, O=Innovative Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5419E32FDAD7A6E5666A35066C5EAAC5

File PE Metadata
Compilation timestamp:
3/21/2013 9:56:42 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:UUzDwF75PL5t1W/vnradqaGKwLAMwJyi9fkTzHzUz5ARrU4FjV71WBDtTN/wqqJN:UCE50nC+KwUM0XKTzDBJqDqGrZqJfYSZ

Entry address:
0x10048

Entry point:
48, 83, EC, 28, E8, 7F, 52, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 53, 48, 83, EC, 30, 48, 8B, D9, B9, 0E, 00, 00, 00, E8, 21, 55, 00, 00, 90, 48, 8B, 43, 08, 48, 85, C0, 74, 3F, 48, 8B, 0D, 68, 74, 01, 00, 48, 8D, 15, 59, 74, 01, 00, 48, 89, 4C, 24, 20, 48, 85, C9, 74, 19, 48, 39, 01, 75, 0F, 48, 8B, 41, 08, 48, 89, 42, 08, E8, A5, E5, FF, FF, EB, 05, 48, 8B, D1, EB, DD, 48, 8B, 4B, 08, E8, 95, E5, FF, FF, 48, 83, 63, 08, 00, B9, 0E, 00, 00, 00, E8, CE, 53, 00, 00, 48, 83, C4, 30, 5B, C3...
 

Entropy:
5.9227

Code size:
99 KB (101,376 bytes)
