home

cupones.es-bg.exe

Cupones.es

Mein Gutscheincode GmbH

The application cupones.es-bg.exe by Mein Gutscheincode GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads.
Publisher:
Mein Gutscheincode GmbH  (signed and verified)

Product:
Cupones.es

Description:
Cupones.es exe

Version:
1000.1000.1000.1000

MD5:
3189c323d5ba61e870939f42dbed1394

SHA-1:
668c975f7bc4cb07dc969e54ed9b001a20ed1dfc

SHA-256:
ef85257675d2631d3fe41a22ba90eed8000d95689123b0654e429aa1b3b17eac

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Mein Gutscheincode GmbH.

Analysis date:
4/20/2024 3:25:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider.MeinGutscheincode (M)
16.2.15.7

File size:
856.6 KB (877,192 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cupones.es.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cupones.es\cupones.es-bg.exe

Digital Signature
Signed by:
Mein Gutscheincode GmbH

Authority:
VeriSign, Inc.

Valid from:
3/25/2013 1:00:00 AM

Valid to:
3/26/2015 12:59:59 AM

Subject:
CN=Mein Gutscheincode GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mein Gutscheincode GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DC967C1E9C4DBE86E88DB14D51147D4

File PE Metadata
Compilation timestamp:
4/23/2013 5:35:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:+ChVRkM6SW3AYXA3llm7iFhYiR/408/KGisKTQxogmNbUPKn8DuBf7+TWFnw98R:+CS1SoQVlm7OYSyvhKYpOR8aBqTWFJR

Entry address:
0x72CF0

Entry point:
E8, 69, AD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, E8, 30, 4D, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, EC, 30, 4D, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 55, 0E, 00, 00, 85, C0, 75, 06, B8, 50, 32, 4D, 00, C3, 83, C0, 08, C3, E8, 42, 0E, 00, 00, 85, C0, 75, 06, B8, 54, 32, 4D, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 
[+]

Code size:
694.5 KB (711,168 bytes)

Remove cupones.es-bg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.