CouponDropDown.dll

CouponDropDown

Awesome Apps

This web browser extension is built on the Crossrider cross-browser toolbar creation and distribution platform. The module CouponDropDown.dll, “CouponDropDown BHO” by Awesome Apps, has been detected as adware by 28 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘CrossriderApp0004352’. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
215 Apps  (signed by Awesome Apps)

Product:
CouponDropDown

Description:
CouponDropDown BHO

Version:
1.1.151.46

MD5:
a3065867102e74c67221244f6a7c089d

SHA-1:
aa9b6561e95d2d7345ead1cd06f0210378f7e4d9

SHA-256:
34c1acf115f5cbb80e8e56f35c9926d9ec5784949791e2bc41da2c92a36f107b

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 1:24:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.Ly9@m4yFzDpi | 367 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 8.3.1.6 |
| avast! | Win32:Crossrider-AI [PUP] | 2014.9-160203 |
| AVG | Crossrider | 2017.0.2845 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1623 |
| Bitdefender | Gen:Application.Heur.Ly9@m4yFzDpi | 1.0.20.170 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Agent-5646 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 22366 |
| Dr.Web | Trojan.Crossrider1.26368 | 9.0.1.034 |
| Emsisoft Anti-Malware | Gen:Application.Heur.Ly9@k4j8zMki | 8.16.02.03.09 |
| ESET NOD32 | Win32/Toolbar.CrossRider.A potentially unwanted (variant) | 10.11746 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 2/3/2016 |
| F-Secure | Gen:Application.Heur.Ly9@m4yFzDpi | 11.2016-03-02_4 |
| G Data | Gen:Application.Heur.Ly9@m4yFzDpi | 16.2.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.204.16151 |
| Malwarebytes | PUP.CrossRider.CDD | v2016.02.03.09 |
| McAfee | Artemis!B13E99D6829F | 5600.6501 |
| MicroWorld eScan | Gen:Application.Heur.Ly9@m4yFzDpi | 17.0.0.102 |
| NANO AntiVirus | Riskware.Win32.Plugin.danzvm | 0.30.24.1636 |
| Reason Heuristics | PUP.50OnRed.AwesomeApps (M) | 16.2.3.9 |
| Sophos | CouponDropDown | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1C0OA915 | 7.2.34 |
| Trend Micro | TROJ_GEN.R0C1C0OA915 | 10.465.03 |
| VIPRE Antivirus | GamePlayLabs | 40904 |
| Zillya! Antivirus | Backdoor.Pigeon.Win32.881 | 2.0.0.2210 |

File size:
602.9 KB (617,344 bytes)

Product version:
1.1.151.46

Copyright:
Copyright 2011

Original file name:
CouponDropDown.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\coupondropdown\coupondropdown.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 6:00:00 PM

Valid to:
8/29/2013 5:59:59 PM

Subject:
CN=Awesome Apps, O=Awesome Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3D0C9CCF6A7D44B9FDA1963A424319BA

File PE Metadata
Compilation timestamp:
10/25/2012 7:22:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:1oJru/bPsxxzmst476G/v/hl9SNOlxe7C3X6ia3SAdZE9ml1++:8u/bPsxxzni6w/xSYL5XTCSA/EUQ+

Entry address:
0x3B78E

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 96, 9A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 55, C2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, E0, 7D, 08, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18...
 

Entropy:
6.5991

Code size:
421 KB (431,104 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0004352

CLSID:
{11111111-1111-1111-1111-110011431152}

CLSID name:
CouponDropDown

