shopathome_app_7.10.0.5_c99317114_d1_r1011025.exe

ShopAtHome.com (Belcaro Group, Inc.)

The application shopathome_app_7.10.0.5_c99317114_d1_r1011025.exe by ShopAtHome.com (Belcaro Group, Inc.) has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

MD5:
0aa639fc674e7fe1a48439a9d4363a80

SHA-1:
3e7f5b821c3eddec65532fa91a876ce54fdc6b43

SHA-256:
b556b7b645f8d251be43b45716f1ea16a04bbc48bd2ed341e28393849faea842

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:07:10 PM UTC

Scan engine          Detection                                Engine version
AVG                  Generic                                  2015.0.3358
Malwarebytes         PUP.Optional.ShopAtHome.A                v2014.09.07.02
McAfee               Artemis!0AA639FC674E                     5600.7014
Reason Heuristics    PUP.ShopAtHomeBelcaroGroup.k             14.9.7.14
Sophos               SAHAgent Installer                       4.98
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h     3.12.26.3
VIPRE Antivirus      Trojan.Win32.Generic!SB.0                32788

File size:
189 KB (193,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\shopathome_app_7.10.0.5_c99317114_d1_r1011025.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 7:00:00 PM

Valid to:
6/28/2017 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
2/24/2012 1:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:RimWE9ru5RXmsHn4CuVnP+5TNAKx0yD/Gc154kIN/VNRScqfQW:RFF9+2Pnm5NAKx0mPIkE/xFqoW

Entry address:
0x3814

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 70, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 58, 89, 44, 00, E8, FA, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 68, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, 1F, 8B, 40, 00, FF, 15, 70, 81, 40, 00, 68, 14, 8B, 40, 00, 68, 60, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, AC, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...

Entropy:
5.9763

Packer / compiler:
Nullsoft install system v2.x

Code size:
27 KB (27,648 bytes)

The file shopathome_app_7.10.0.5_c99317114_d1_r1011025.exe has been seen being distributed by the following 32 URLs.

http://toolbar.shopathome.com/.../download.aspx?subid=70801&owner=dlnopop&refer=92299&src=AFRELX&CID=98326049&DSP=0&bitiid=&finst=true&surl=&eurl=&turl=

http://toolbar.shopathome.com/install/download.aspx?subid=&isnew=y&owner=nonbundle&refer=1064360&src=SEPDSE&CID=112781219&DSP=0&bitiid=&finst=true&surl=http://.../shopgold-rewards.html?refer=1064360&eurl=&turl=

http://toolbar.shopathome.com/.../download.aspx?subid=20761&owner=dlnopop&refer=92269&src=AFFLXX&CID=76026937&DSP=0&bitiid=&finst=true&surl=&eurl=&turl=

http://toolbar.shopathome.com/install/download.aspx?subid=&owner=nonbundle&refer=1064382&src=SEPDSE&CID=108424045&DSP=0&bitiid=&finst=true&surl=http://.../popular-grocery-coupons?refer=1064382&eurl=&turl=

Latest 30 of 32 download URLs