» exec.exe
Overview
Analysis
File Details
Programs (1)

exec.exe

ShopAtHome.com (Belcaro Group, Inc)

The application exec.exe by ShopAtHome.com (Belcaro Group, Inc) has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program.

File name:

exec.exe

Publisher:

ShopAtHome.com (Belcaro Group, Inc) (signed and verified)

MD5:

cbd040b671789c203ff35c49d35d4a80

SHA-1:

0ba0264d1df8feeda3007a85037a242ef8ce3ee5

SHA-256:

6afda0cf5d97c115c93db97970434551ced7ba6da5c0424d437790f309dc188b

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

4/23/2024 11:30:57 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3260

G Data

Win32.Adware.ShopAtHome

14.12.24

Reason Heuristics

PUP.ShopAtHomeBelcaroGroup.B

14.7.17.10

Trend Micro House Call

Suspicious_GEN.F47V1106

7.2.349

VIPRE Antivirus

ShopAtHome

34876

File size:

60.6 KB (62,096 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\exec.exe

Digital Signature

Signed by:

ShopAtHome.com (Belcaro Group, Inc)

Authority:

Symantec Corporation

Valid from:

5/21/2013 8:00:00 PM

Valid to:

6/6/2014 7:59:59 PM

Subject:

CN="ShopAtHome.com (Belcaro Group, Inc)", O="ShopAtHome.com (Belcaro Group, Inc)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

05AACC1DBAF989DD6997926C9649BAEF

File PE Metadata

Compilation timestamp:

4/25/2012 5:54:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

768:O619JvWvdfThXZsLeXKcKRa/pA+D1xTno8qJCS6HH0R9Wa+BnwO0Aodo6PMCS:O61/yKLZcKRkF1xUJWHM+BnwO1CS

Entry address:

0x21D1

Entry point:

E8, C9, 29, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, 28, EA, 40, 00, E8, 8E, 24, 00, 00, FF, 35, 24, EA, 40, 00, 8B, F8, 89, 7D, FC, E8, 7E, 24, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, F7, 2A, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, 85, 2A, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 47, 10, 3B, C7, 72, 40, 50, FF, 75... 
[+]

Entropy:

6.4205

Code size:

33.5 KB (34,304 bytes)

The file exec.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.

This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).

www.shopathome.com

68% remove it

Remove exec.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.