» cupones.es-buttonutil64.exe
Overview
Analysis
File Details

cupones.es-buttonutil64.exe

Cupones.es

Mein Gutscheincode GmbH

The application cupones.es-buttonutil64.exe by Mein Gutscheincode GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

Publisher:

Mein Gutscheincode GmbH (signed and verified)

Product:

Cupones.es

Description:

Cupones.es exe

Version:

1000.1000.1000.1000

MD5:

7b4e16ef34464f75ad95ffafdb767a03

SHA-1:

ce776db7b00a4d29224ff0b0518245e6c2deb31c

SHA-256:

37b79a1da1dc443a18c62c1428a5e995e2d954f856df1e64eae7fd0ed6bced6f

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Mein Gutscheincode GmbH.

Analysis date:

4/19/2024 4:52:46 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Crossrider.MeinGutscheincode (M)

16.1.31.3

File size:

293.6 KB (300,680 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Cupones.es.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\cupones.es\cupones.es-buttonutil64.exe

Digital Signature

Signed by:

Mein Gutscheincode GmbH

Authority:

VeriSign, Inc.

Valid from:

3/25/2013 1:00:00 AM

Valid to:

3/26/2015 12:59:59 AM

Subject:

CN=Mein Gutscheincode GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mein Gutscheincode GmbH, L=Berlin, S=Berlin, C=DE

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6DC967C1E9C4DBE86E88DB14D51147D4

File PE Metadata

Compilation timestamp:

4/23/2013 5:40:20 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:HLwjrnDD9DlRVoZWx2CK+Y7Kec2WTBj8mB/OjLLd+:rwXNFoZNhdWTgLd+

Entry address:

0x29580

Entry point:

48, 83, EC, 28, E8, 7B, 03, 00, 00, 48, 83, C4, 28, E9, 1E, FD, FF, FF, FF, 25, 10, 5F, 00, 00, FF, 25, 02, 5F, 00, 00, FF, 25, F4, 5E, 00, 00, FF, 25, E6, 5E, 00, 00, FF, 25, D8, 5E, 00, 00, FF, 25, CA, 5E, 00, 00, FF, 25, BC, 5E, 00, 00, FF, 25, AE, 5E, 00, 00, FF, 25, A0, 5E, 00, 00, FF, 25, 92, 5E, 00, 00, FF, 25, 84, 5E, 00, 00, FF, 25, 76, 5E, 00, 00, FF, 25, 68, 5E, 00, 00, FF, 25, 5A, 5E, 00, 00, FF, 25, 4C, 5E, 00, 00, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 31, DB, 01, 00, FF... 
[+]

Code size:

181.5 KB (185,856 bytes)

Remove cupones.es-buttonutil64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.