» coupondropdown-bg.exe
Overview
Analysis
File Details
Programs (1)

coupondropdown-bg.exe

CouponDropDown

Excellent Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application coupondropdown-bg.exe, “CouponDropDown exe” by Excellent Apps has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program CouponDropDown by 215 Apps which is a potentially unwanted software program. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

Publisher:

215 Apps (signed by Excellent Apps)

Product:

CouponDropDown

Description:

CouponDropDown exe

Version:

1.1.151.50

MD5:

1687a251b987c0b2050edb11efe20dc2

SHA-1:

879ab41086b5c0f61a2f83a7a0db4b8f059548a4

SHA-256:

37723a501dcdba81153b1214aeb8af23e2b631a2acc35fa3f4e564fc3e01e74b

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/19/2024 9:07:43 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Cloda60.Trojan

1.3.0.4613

ESET NOD32

Win32/Toolbar.CrossRider (variant)

10.10107

K7 AntiVirus

Trojan

13.180.12747

Malwarebytes

PUP.Optional.DealBoat.A

v2016.02.12.01

McAfee

Artemis!CB0723714A71

5600.6491

Reason Heuristics

PUP.50OnRed.ExcellentApps (M)

16.2.12.13

Sophos

AppRider

4.98

Trend Micro House Call

TROJ_GEN.R0CBH07JO13

7.2.43

VIPRE Antivirus

GamePlayLabs

31328

File size:

926.9 KB (949,128 bytes)

Product version:

1.1.151.50

Original file name:

CouponDropDown.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\coupondropdown\coupondropdown-bg.exe

Digital Signature

Signed by:

Excellent Apps

Authority:

Thawte, Inc.

Valid from:

8/29/2012 2:00:00 AM

Valid to:

8/30/2013 1:59:59 AM

Subject:

CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata

Compilation timestamp:

11/12/2012 2:14:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:mLbqr/QYb66SyhFdP8MR+IDu3a9nsxNAUgIPOGxNwyxaXHPoIcM06uHZVoU5w3Aw:Z8/+xWQ33pKrd9U/+LfpVh76xaUo3u

Entry address:

0x8A4A5

Entry point:

E8, F4, AC, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, AB, CD, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, A8, 43, 4E, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01... 
[+]

Code size:

775.5 KB (794,112 bytes)

The file coupondropdown-bg.exe has been discovered within the following program.

CouponDropDown by 215 Apps

Coupon Drop Down from 215 Apps installs a web browser plugin that displays coupon deals and other advertisements when users visit various online shopping sites.

coupondropdown.com

84% remove it

Remove coupondropdown-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.