» CouponDropDown.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

CouponDropDown.dll

CouponDropDown

Excellent Apps

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module CouponDropDown.dll, “CouponDropDown BHO” by Excellent Apps has been detected as adware by 19 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0004352’. This file is typically installed with the program CouponDropDown by 215 Apps which is a potentially unwanted software program. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

CouponDropDown.dll

Publisher:

215 Apps (signed by Excellent Apps)

Product:

CouponDropDown

Description:

CouponDropDown BHO

Version:

1.1.151.50

MD5:

9b8c5db1785af45765d231541fe28969

SHA-1:

5611e62f08678fafc21cecdc8a040f3bc68a72ff

SHA-256:

f754ee0177aa41d06eef1dc037332c6db786ed6a848af60530d2054d0421bd16

Scanner detections:

19 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/26/2024 3:00:07 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.Ny9@musXpzfi

357

Avira AntiVirus

ADWARE/CrossRider.Gen2

3.6.1.96

avast!

Win32:Crossrider-AI [PUP]

2014.9-160212

AVG

Potentially harmful program Crossrider_r

2017.0.2835

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.16212

Bitdefender

Gen:Application.Heur.Ny9@musXpzfi

1.0.20.215

Bkav FE

W32.HfsAdware

1.3.0.6379

Emsisoft Anti-Malware

Gen:Application.Heur.Ny9@musXpzfi

8.16.02.12.12

ESET NOD32

Win32/Toolbar.CrossRider.H potentially unwanted (variant)

10.11544

Fortinet FortiGate

Adware/Fam.NB

2/12/2016

F-Prot

W32/S-4ba2f61a

v6.4.7.1.166

F-Secure

Riskware.Gen:Application.Heur.Ny9@musXpzfi

11.2016-12-02_6

G Data

Gen:Application.Heur.Ny9@musXpzfi

16.2.25

K7 AntiVirus

Trojan

13.203.15731

MicroWorld eScan

Gen:Application.Heur.Ny9@musXpzfi

17.0.0.129

Norman

Gen:Application.Heur.Ny9@kusXpzfi

11.20160212

Reason Heuristics

PUP.50OnRed.ExcellentApps (M)

16.2.12.12

Sophos

PUA 'CouponDropDown' (of type Adware)

5.13

VIPRE Antivirus

Threat.4736651

39486

File size:

602.9 KB (617,352 bytes)

Product version:

1.1.151.50

Original file name:

CouponDropDown.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\coupondropdown\coupondropdown.dll

Digital Signature

Signed by:

Excellent Apps

Authority:

Thawte, Inc.

Valid from:

8/29/2012 2:00:00 AM

Valid to:

8/30/2013 1:59:59 AM

Subject:

CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6D2FB6375D3A8788B735FEDBD060732B

Registration

CLSIDs:

{11111111-1111-1111-1111-110011431152}, {22222222-2222-2222-2222-220022432252}

ProgIDs:

CrossriderApp0004352.BHO.1, CrossriderApp0004352.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

11/12/2012 2:12:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:mUIXJ8ND/bhpduBwiOOpQAFWrsZhwYOF4rTbT1GuokDmmYN+pPJ:xBD/bhpduBrOOpgrKwjyrT31BokJYN+b

Entry address:

0x3B7DE

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 96, 9A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 55, C2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 7D, 08, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18... 
[+]

Code size:

421 KB (431,104 bytes)

Internet Explorer BHO

Display name:

CrossriderApp0004352

CLSID:

{11111111-1111-1111-1111-110011431152}

CLSID name:

CouponDropDown

The file CouponDropDown.dll has been discovered within the following program.

CouponDropDown by 215 Apps

Coupon Drop Down from 215 Apps installs a web browser plugin that displays coupon deals and other advertisements when users visit various online shopping sites.

coupondropdown.com

84% remove it

Remove CouponDropDown.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.