home

OfferBoulevardW.exe

PennyBee

MY POP SHOP LTD

The application OfferBoulevardW.exe by MY POP SHOP has been detected as adware by 8 anti-malware scanners. This file is typically installed with the program Offer Boulevard by My Pop Shop Ltd. which is a potentially unwanted software program.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
PennyBee

Version:
1.0.2.2

MD5:
ad7120e00c0aea09d5b24832db907a75

SHA-1:
d44989a08beaea9c78be60ba63ddccbc5f66d5c7

SHA-256:
fa9460bbc3650a725dad4804ea92fee9dd752483a9e97336e577a72556fe1dc8

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
5/10/2024 8:33:00 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Mypopshop
2015.0.3344

Baidu Antivirus
PUA.MSIL.Linkury
4.0.3.14921

ESET NOD32
MSIL/Toolbar.Linkury (variant)
8.10465

McAfee
Artemis!5F7D5A9A730B
5600.7000

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Reason Heuristics
PUP.MYPOPSHOP.P
14.9.21.21

Trend Micro House Call
Suspicious_GEN.F47V0827
7.2.264

VIPRE Antivirus
Trojan.Win32.Generic
33428

File size:
368.5 KB (377,352 bytes)

Product version:
1.0.2.2

Copyright:
Copyright © 2014

Original file name:
OfferBoulevardW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\offerboulevard\offerboulevardw.exe

Digital Signature
Signed by:
MY POP SHOP LTD

Authority:
COMODO CA Limited

Valid from:
7/21/2014 7:00:00 PM

Valid to:
7/22/2015 6:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
35094C1DF20178F98B53D36DE3005002

File PE Metadata
Compilation timestamp:
8/26/2014 6:45:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ixij7TOp6TePzKF6utsFfwcnEN5vkqQ2jrIin:/yLl9f7n6rQ2/Xn

Entry address:
0x5B76E

Entry point:
FF, 25, 7C, B7, 45, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, B7, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9006

Code size:
358 KB (366,592 bytes)

The file OfferBoulevardW.exe has been discovered within the following program.

Offer Boulevard  by My Pop Shop Ltd.
Offer Boulevard is an adware Internet toolbar/extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yv-in-f156.1e100.net  (74.125.21.156:80)

TCP (HTTP):
Connects to yv-in-f155.1e100.net  (74.125.21.155:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to 50.23.78.210-static.reverse.softlayer.com  (50.23.78.210:80)

Remove OfferBoulevardW.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.