» coupon server.exe
Overview
Analysis
File Details

coupon server.exe

Appealing Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application coupon server.exe by Appealing Apps has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

coupon server.exe

Publisher:

Appealing Apps (signed and verified)

MD5:

a4839753a8817f1a94e5161603c8108b

SHA-1:

0b83ecf499b57b5195fc27e25312d886d3ba4454

SHA-256:

bfb80676a24f6f3cde13a27eb44ea6d3cd2c22363bf6c62b07ef83f6f0881e25

Scanner detections:

13 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/26/2024 8:10:29 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Malware-gen

2014.9-140722

AVG

Adware Generic5.AZVQ

2014.0.3986

Dr.Web

Trojan.Crossrider.17026

9.0.1.05190

ESET NOD32

multiple threats

7.0.302.0

G Data

Win32.Adware.Smartapps

14.7.24

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.CouponServer.A

v2014.07.22.09

McAfee

Artemis!AC5C3F41E630

5600.7062

Reason Heuristics

PUP.AppealingApps.N

14.8.7.17

Sophos

Smart Apps Coupon Server

4.98

Trend Micro House Call

TROJ_GE.53B86BEE

7.2.203

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.3

VIPRE Antivirus

Threat.4750557

31208

File size:

1.3 MB (1,387,912 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\software\coupon server.exe

Digital Signature

Signed by:

Appealing Apps

Authority:

Thawte, Inc.

Valid from:

6/4/2013 2:00:00 AM

Valid to:

6/5/2014 1:59:59 AM

Subject:

CN=Appealing Apps, O=Appealing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0444AA3B06F7BBDC2E37AF0824FB38C7

File PE Metadata

Compilation timestamp:

2/19/2012 4:01:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

24576:ft96/xkRPbY9fqnf+GUtJPcJwLWpGu25VZfgO4+MWqjcicV:fPocMfqnffMRcmeM5fgOvM4NV

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Code size:

34.5 KB (35,328 bytes)

Remove coupon server.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.