home

coupon companion-bg.exe

Coupon Companion

Friendly Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application coupon companion-bg.exe, “Coupon Companion exe” by Friendly Apps has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Coupon Companion by 215 Apps which is a potentially unwanted software program.
Publisher:
215 Apps  (signed by Friendly Apps)

Product:
Coupon Companion

Description:
Coupon Companion exe

Version:
1.1.150.20

MD5:
36d141d4b497090ef2efcd5c27cc3758

SHA-1:
5e574a2d1b9c2a930ed2253670de27f97080e270

SHA-256:
22c3f96016b0f5415e36e8d41400d6da4eefc3760b1b90ceefa44ecc075fa1bf

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 6:11:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.50OnRed.FriendlyApps (M)
16.2.12.4

File size:
877.4 KB (898,440 bytes)

Product version:
1.1.150.20

Copyright:
Copyright 2011

Original file name:
Coupon Companion.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\coupon companion\coupon companion-bg.exe

Digital Signature
Signed by:
Friendly Apps

Authority:
Thawte, Inc.

Valid from:
4/30/2012 5:00:00 PM

Valid to:
5/1/2013 4:59:59 PM

Subject:
CN=Friendly Apps, O=Friendly Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
56D17D2D52C2BC3A2CECDA129CA33619

File PE Metadata
Compilation timestamp:
8/16/2012 11:13:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:co2QBmhmNlZ+Y6qyRDA/sqpy0TYLefHtpL2:B1mIlZ/6/RgsqXUL8L2

Entry address:
0x80B69

Entry point:
E8, 40, A8, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 77, D7, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 78, 90, 4D, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 
[+]

Entropy:
6.5429

Code size:
732.5 KB (750,080 bytes)

The file coupon companion-bg.exe has been discovered within the following program.

Coupon Companion  by 215 Apps
Coupon Companion by Awesome Apps (215 Apps/ run by 50OnRed) is a Browser Helper Object installed into Internet Explorer that monitors web pages for possible affiliate merchant partners.
coupon-companion.com
86% remove it
 
Powered by Should I Remove It?

Remove coupon companion-bg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.