home

CouponDropDown.exe

CouponDropDown

Amazing Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application CouponDropDown.exe, “CouponDropDown exe” by Amazing Apps has been detected as adware by 14 anti-malware scanners.
Publisher:
215 Apps  (signed by Amazing Apps)

Product:
CouponDropDown

Description:
CouponDropDown exe

Version:
1.1.149.15

MD5:
29687a7537247bb3d881ab5b507bd3ef

SHA-1:
0ac05308ddae5f6d764f45c5e56098822b8c6d7f

SHA-256:
ecce499ba56a1b1851b3867cd769eda823b362c0f1ace7a25fe02642d1c9a20b

Scanner detections:
14 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/19/2024 10:18:54 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.553662
834

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.141024

Bitdefender
Adware.Generic.553662
1.0.20.1485

Boost by Reason
Optional.AmazingApps.O
188838

Dr.Web
Adware.Plugin.24
9.0.1.05190

Emsisoft Anti-Malware
Adware.Generic.553662
14.10.24

ESET NOD32
Win32/Toolbar.CrossRider.E potentially unwanted application
7.0.302.0

F-Secure
Adware.Generic.553662
11.2014-24-10_6

G Data
Adware.Generic.553662
14.10.24

Malwarebytes
PUP.CrossRider.CDD
v2014.10.24.02

MicroWorld eScan
Adware.Generic.553662
15.0.0.891

Reason Heuristics
PUP.AmazingApps.O
14.10.24.1

Sophos
CouponDropDown
4.98

VIPRE Antivirus
Threat.4736651
33706

File size:
431.4 KB (441,728 bytes)

Product version:
1.1.149.15

Copyright:
Copyright 2011

Original file name:
CouponDropDown.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\coupondropdown\coupondropdown.exe

Digital Signature
Signed by:
Amazing Apps

Authority:
Thawte, Inc.

Valid from:
5/1/2012 10:00:00 AM

Valid to:
5/2/2013 9:59:59 AM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

File PE Metadata
Compilation timestamp:
6/5/2012 7:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:iI4T2INIZUzY22w3RNKyK9wMV4I4/MdfH8FUllbo63uql1mdj:ifQ8FD6rl1Y

Entry address:
0x42283

Entry point:
E8, BA, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 74, D0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 96, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, A0, 45, 00...
 
[+]

Entropy:
6.4488

Code size:
353.5 KB (361,984 bytes)

Remove CouponDropDown.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.