» exec.exe
Overview
Analysis
File Details
Programs (1)

exec.exe

ShopAtHome.com

The application exec.exe by ShopAtHome.com has been detected as a potentially unwanted program by 7 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program.

File name:

exec.exe

Publisher:

ShopAtHome.com (signed and verified)

MD5:

4d69774cd6c47a62e3bc294c7b50a450

SHA-1:

a97af02ae875883f0ee3cf7b22a1ff5d6ca03339

Scanner detections:

7 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 5:59:37 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3260

G Data

Win32.Adware.ShopAtHome

14.12.24

Reason Heuristics

PUP.ShopAtHome.B

14.7.22.17

Sophos

SAHAgent

4.98

Trend Micro House Call

Suspicious_GEN.F47V1106

7.2.349

Vba32 AntiVirus

Signed-Adware.Sahat

3.12.26.0

VIPRE Antivirus

ShopAtHome

34876

File size:

59.9 KB (61,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Documents and Settings\{user}\Application data\shopathome\shopathomehelper\exec.exe

Digital Signature

Signed by:

ShopAtHome.com

Authority:

VeriSign, Inc.

Valid from:

5/25/2010 7:00:00 PM

Valid to:

6/21/2013 6:59:59 PM

Subject:

CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

063168411F371B898EE763E4858518C4

File PE Metadata

Compilation timestamp:

4/25/2012 4:54:25 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

9.0

CTPH (ssdeep):

768:319JvWvdfThXZsLeXKcKRa/pA+D1xTno8qJCS6HH0R9Wa+BnwO0AorIILEbC0Ab:31/yKLZcKRkF1xUJWHM+BnwOk8Chb

Entry address:

0x21D1

Entry point:

E8, C9, 29, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 57, FF, 35, 28, EA, 40, 00, E8, 8E, 24, 00, 00, FF, 35, 24, EA, 40, 00, 8B, F8, 89, 7D, FC, E8, 7E, 24, 00, 00, 8B, F0, 59, 59, 3B, F7, 0F, 82, 83, 00, 00, 00, 8B, DE, 2B, DF, 8D, 43, 04, 83, F8, 04, 72, 77, 57, E8, F7, 2A, 00, 00, 8B, F8, 8D, 43, 04, 59, 3B, F8, 73, 48, B8, 00, 08, 00, 00, 3B, F8, 73, 02, 8B, C7, 03, C7, 3B, C7, 72, 0F, 50, FF, 75, FC, E8, 85, 2A, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 47, 10, 3B, C7, 72, 40, 50, FF, 75... 
[+]

Entropy:

6.3926

Code size:

33.5 KB (34,304 bytes)

The file exec.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.

This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).

www.shopathome.com

68% remove it

Remove exec.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.