» coupon server.exe
Overview
Analysis
File Details

coupon server.exe

Engaging Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application coupon server.exe by Engaging Apps has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

coupon server.exe

Publisher:

Engaging Apps (signed and verified)

MD5:

ccf12d67cf7410e41e81194125cbc815

SHA-1:

e429eeee2eb80b02c37038fd2df1532adddc7373

SHA-256:

48cd617a3c675febe711956a3b53b8256d33ea2c3f7ef366e17013e000a9889a

Scanner detections:

19 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/25/2024 4:52:34 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.SmartApps

7.1.1

avast!

Adware-gen [Adw]

150319-1

AVG

Adware Generic5.ARJH

2014.0.4311

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

ApplicUnwnt

21695

Dr.Web

Trojan.Crossrider1.23724

9.0.1.05190

ESET NOD32

multiple threats

7.0.302.0

Fortinet FortiGate

Riskware/SmartApps

4/8/2015

IKARUS anti.virus

AdWare.AdPlugin

t3scan.1.8.9.0

K7 AntiVirus

Unwanted-Program

13.202.15530

Malwarebytes

PUP.Optional.CouponServer.A

v2015.04.08.11

McAfee

Trojan.Ransom.dx

16.8.708.2

NANO AntiVirus

Trojan.Win32.Crossrider.cxpoek

0.30.10.952

Panda Antivirus

PUP/CouponBar

15.04.08.11

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Installer.50OnRed

15.4.8.18

Sophos

PUA 'Smart Apps Coupon Server' (of type Adware)

5.12

VIPRE Antivirus

Threat.4371328

38882

File size:

1.1 MB (1,103,056 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\software\coupon server.exe

Digital Signature

Signed by:

Engaging Apps

Authority:

Thawte, Inc.

Valid from:

6/3/2013 8:00:00 PM

Valid to:

6/4/2014 7:59:59 PM

Subject:

CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

632EEBD9B987BC680D444D8675A26545

File PE Metadata

Compilation timestamp:

2/19/2012 10:01:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

24576:RtM8fwhmrbL79kt+voDU+/ZscTcmcmX32cr30WTDYErADNr:R+N8rbLZxof5Sg3ZRTDYEMDl

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.9499 (probably packed)

Code size:

34.5 KB (35,328 bytes)

Remove coupon server.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.