shopathome_app_7.10.6.17_c93350159_d1_r1067819.exe

ShopAtHome.com (Belcaro Group, Inc.)

The application shopathome_app_7.10.6.17_c93350159_d1_r1067819.exe by ShopAtHome.com (Belcaro Group, Inc.) has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

MD5:
ebfd6fb044cccae885348eed3b4898bd

SHA-1:
51579b103c5a62bc8f662b8f1e9b7130f8a8fa5a

SHA-256:
964b451b356eecd4890d1dbe0e141b40784447f8eaa30ffcfc528d0dc6e7be71

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:16:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.3029 |
| Dr.Web | Adware.Shopper.947 | 9.0.1.0214 |
| G Data | Win32.Adware.ShopAtHome | 15.8.25 |
| K7 AntiVirus | Riskware | 13.207.16740 |
| Reason Heuristics | PUP.ShopAtHome.ShopAtHomeBelcaroGroup.Installer (M) | 15.8.2.22 |
| Sophos | SAHAgent | 4.98 |
| VIPRE Antivirus | ShopAtHome | 42464 |

File size:
835.2 KB (855,288 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\shopathome_app_7.10.6.17_c93350159_d1_r1067819.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 7:00:00 PM

Valid to:
6/28/2017 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
2/24/2012 1:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jmH0anefPZMGiFgJ03OV86IbQrFBjSeqS:+n63iaKjPbCjHj

Entry address:
0x3814

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 70, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 58, 89, 44, 00, E8, FA, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 68, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, 1F, 8B, 40, 00, FF, 15, 70, 81, 40, 00, 68, 14, 8B, 40, 00, 68, 60, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, AC, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...
 

Entropy:
7.8469

Packer / compiler:
Nullsoft install system v2.x

Code size:
27 KB (27,648 bytes)

The file shopathome_app_7.10.6.17_c93350159_d1_r1067819.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 720 download URLs