» lxqvbcbiws32.exe
Overview
Analysis
File Details
Behaviors (1)
Network (3)

lxqvbcbiws32.exe

Coupoon

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application lxqvbcbiws32.exe by Coupoon has been detected as adware by 15 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “lxqvbcbiws32”.

File name:

lxqvbcbiws32.exe

Publisher:

Coupoon (signed and verified)

MD5:

3c2a0cc2ecf576f9bcebb9df5d82f89b

SHA-1:

540f2b36f86d97d759d0403347df2c99eeb31906

SHA-256:

df5e15331d57d76e579e85253e90aace3a35bc4bc9f87a07cdd693ecd31a777a

Scanner detections:

15 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:

4/24/2024 10:26:36 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.AdPeak.Y

613

AVG

Generic

2016.0.3091

Baidu Antivirus

Adware.Win32.Adpeak

4.0.3.1561

Bitdefender

Adware.AdPeak.Y

1.0.20.760

Emsisoft Anti-Malware

Adware.AdPeak.Y

8.15.06.01.01

ESET NOD32

Win32/Adware.Adpeak (variant)

9.11710

F-Secure

Adware.AdPeak.Y

11.2015-01-06_2

G Data

Adware.AdPeak

15.6.25

K7 AntiVirus

Adware

13.204.16086

Malwarebytes

PUP.Optional.Coupoon.A

v2015.06.01.01

MicroWorld eScan

Adware.AdPeak.Y

16.0.0.456

nProtect

Adware.AdPeak.Y

15.05.29.01

Reason Heuristics

PUP.AdPeak.Coupoon

15.6.1.9

Sophos

Generic PUA FE

4.98

VIPRE Antivirus

Trojan.Win32.Generic

40692

File size:

607.8 KB (622,392 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\015\lxqvbcbiws32.exe

Digital Signature

Signed by:

Coupoon

Authority:

GlobalSign nv-sa

Valid from:

11/21/2014 3:35:57 PM

Valid to:

11/22/2015 3:35:57 PM

Subject:

E=support@coupoon.org, CN=Coupoon, O=Coupoon, L=Tallahassee, S=FL, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121400C47EC899C3BA485785E2CAB2D79C3

File PE Metadata

Compilation timestamp:

3/22/2015 9:30:51 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

12288:h1f4iPIGWji/SJZSLhOOvtMkJGTLqMIB0EcF9DMo:h1wseZSLPFMsa+6ZMo

Entry address:

0x12931

Entry point:

E8, 96, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F0, 10, 49, 00, 89, 0D, EC, 10, 49, 00, 89, 15, E8, 10, 49, 00, 89, 1D, E4, 10, 49, 00, 89, 35, E0, 10, 49, 00, 89, 3D, DC, 10, 49, 00, 66, 8C, 15, 08, 11, 49, 00, 66, 8C, 0D, FC, 10, 49, 00, 66, 8C, 1D, D8, 10, 49, 00, 66, 8C, 05, D4, 10, 49, 00, 66, 8C, 25, D0, 10, 49, 00, 66, 8C, 2D, CC, 10, 49, 00, 9C, 8F, 05, 00, 11, 49, 00, 8B, 45, 00, A3, F4, 10, 49, 00, 8B, 45, 04, A3, F8, 10, 49, 00, 8D, 45, 08, A3, 04, 11, 49, 00, 8B... 
[+]

Entropy:

6.3577

Code size:

380 KB (389,120 bytes)

Service

Display name:

lxqvbcbiws32

Type:

Win32OwnProcess

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to s3-1.amazonaws.com (54.231.96.64:80)

Remove lxqvbcbiws32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.