coupon server.exe

Smart Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application coupon server.exe by Smart Apps has been detected as adware by 19 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer. The browser add-on it installs displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
Smart Apps (signed and verified)

MD5:
f0bf8d14229a215fd150262e37f9d303

SHA-1:
eef13e826c6681566d80111be4ad203e2273ed85

SHA-256:
905222e3d7554fb4d7acff628da02298bea94ecba9e72df7fbd9133a578105de

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/20/2024 12:02:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.678694 | 827 |
| Agnitum Outpost | PUA.SmartApps | 7.1.1 |
| AVG | Adware Generic5.ANFX | 2014.0.4189 |
| Bitdefender | Application.Generic.678694 | 1.0.20.1520 |
| Comodo Security | ApplicUnwnt | 19952 |
| Dr.Web | Adware.Plugin.111 | 9.0.1.0304 |
| ESET NOD32 | Win32/AdWare.SmartApps | 8.10648 |
| F-Secure | Application.Generic.678694 | 11.2014-31-10_6 |
| G Data | Application.Generic.678694 | 14.10.24 |
| IKARUS anti.virus | AdWare.Win32.Smartapps | t3scan.1.8.3.0 |
| K7 AntiVirus | Adware | 13.185.13853 |
| Malwarebytes | PUP.Optional.CouponServer.A | v2014.10.31.04 |
| MicroWorld eScan | Application.Generic.678694 | 15.0.0.912 |
| NANO AntiVirus | Trojan.Win32.SmartApps.cvcsrn | 0.28.6.62995 |
| Reason Heuristics | PUP.SmartApps.N | 14.10.31.4 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16754FE3!376786915 | 23.00.65.141029 |
| Sophos | Generic PUA LD | 4.98 |
| VIPRE Antivirus | GamePlayLabs | 34392 |
| Zillya! Antivirus | Downloader.Psyme.VBS.1 | 2.0.0.1973 |

File size:
1 MB (1,081,968 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\coupon server.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/25/2013 1:00:00 AM

Valid to:
3/26/2014 12:59:59 AM

Subject:
CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata
Compilation timestamp:
2/19/2012 4:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:QtM8uEmzV/bE6ArXeDTta2TItzAzcNW4qHnXwzOmPTNQ:Q+oXeta2TIthN5qHAzOmLe

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)
