» couponamazing.exe
Overview
Analysis
File Details
Downloads (1)

couponamazing.exe

AdPeak, Inc

This is the instaler for an an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application couponamazing.exe by AdPeak, Inc has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The file has been seen being downloaded from cdn.bispd.com.

File name:

couponamazing.exe

Publisher:

AdPeak, Inc (signed and verified)

MD5:

65888b838e4d2a92b5f482746eabe532

SHA-1:

8e9a6f65d7960a7c90c627e2760fb5c416bd244c

SHA-256:

b441fee65184b76733498f5e98d0e9f6328988015422d1ecd6c19fee8f83f789

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:

4/27/2024 3:08:11 AM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Generic

2014.0.3643

Boost by Reason

Adware.AdPeak.N

2013.8.28.0

Dr.Web

Trojan.MulDrop4.22900

9.0.1.0240

Reason Heuristics

PUP.AdPeak.N

14.8.7.19

Sophos

AdPeak

4.95

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.24.3

VIPRE Antivirus

Adware.Adpeak

24002

File size:

79.4 KB (81,352 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\downloads\couponamazing.exe

Digital Signature

Signed by:

AdPeak, Inc

Authority:

GoDaddy.com, Inc.

Valid from:

8/3/2012 11:55:39 AM

Valid to:

9/16/2013 10:43:44 AM

Subject:

CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

042CD88817C44D

File PE Metadata

Compilation timestamp:

10/2/2012 1:24:21 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

1536:T1S0s2WhwyAhPtEPGJLNdlN18T3BJx5MQdYiUnUdtUar3FmRlcX:T1Srh2tEPKLlN1y3BJx5MQdKOU9OX

Entry address:

0x39B0

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 93, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 3E, 43, 00, 00, 6A, 00, E8, A7, 46, 00, 00, A3, 88, 0C, 44, 00, 6A, 08, E8, 72, 28, 00, 00, A3, 38, 0D, 44, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, A4, A2, 40, 00, E8, EC, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 0D, 44, 00, E8, 92, 2A, 00, 00, 83, C4, 18, E8, FA, 42, 00, 00, 52, 52, 50, 68, 00, 30, 47, 00, E8, 7D, 2A, 00, 00, 57, 6A, 00, E8, 4D, 42, 00, 00, 83... 
[+]

Entropy:

6.7021

Code size:

28.5 KB (29,184 bytes)

The file couponamazing.exe has been seen being distributed by the following URL.

http://cdn.bispd.com/mirror/.../couponamazing.exe

Remove couponamazing.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.