coupon server.exe

Engaging Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application coupon server.exe by Engaging Apps has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Engaging Apps  (signed and verified)

MD5:
ccf12d67cf7410e41e81194125cbc815

SHA-1:
e429eeee2eb80b02c37038fd2df1532adddc7373

SHA-256:
48cd617a3c675febe711956a3b53b8256d33ea2c3f7ef366e17013e000a9889a

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/6/2021 1:30:26 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.SmartApps
7.1.1

avast!
Adware-gen [Adw]
150319-1

AVG
Adware Generic5.ARJH
2014.0.4311

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
21695

Dr.Web
Trojan.Crossrider1.23724
9.0.1.05190

ESET NOD32
multiple threats
7.0.302.0

Fortinet FortiGate
Riskware/SmartApps
4/8/2015

IKARUS anti.virus
AdWare.AdPlugin
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.202.15530

Malwarebytes
PUP.Optional.CouponServer.A
v2015.04.08.11

McAfee
Trojan.Ransom.dx
16.8.708.2

NANO AntiVirus
Trojan.Win32.Crossrider.cxpoek
0.30.10.952

Panda Antivirus
PUP/CouponBar
15.04.08.11

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Installer.50OnRed
15.4.8.18

Sophos
PUA 'Smart Apps Coupon Server' (of type Adware)
5.12

VIPRE Antivirus
Threat.4371328
38882

File size:
1.1 MB (1,103,056 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\coupon server.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 8:00:00 PM

Valid to:
6/4/2014 7:59:59 PM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:RtM8fwhmrbL79kt+voDU+/ZscTcmcmX32cr30WTDYErADNr:R+N8rbLZxof5Sg3ZRTDYEMDl

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9499  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Remove coupon server.exe - Powered by Reason Core Security