shopathome_app_c81594025_d1_r92269.exe

ShopAtHome.com

The application shopathome_app_c81594025_d1_r92269.exe by ShopAtHome.com has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com  (signed and verified)

MD5:
43eb344d63ce84f5c432db64397441cd

SHA-1:
98b1a9575ab4834ae9a6b4683d91fe9851687d64

SHA-256:
5056fcdec97042c707c2ce728e1ece40e9e1dcc0797a1e76a935da116c5e8588

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
5/4/2024 6:47:10 AM UTC

Scan engine          Detection              Engine version
Dr.Web               Adware.Shopper.335     9.0.1.061
Reason Heuristics    PUP.ShopAtHome.c       14.3.2.1
Sophos               SAHAgent               4.97
Vba32 AntiVirus      Signed-Adware.Sahat    3.12.24.3

File size:
2 MB (2,099,152 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\shopathome_app_c81594025_d1_r92269.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 5:00:00 PM

Valid to:
6/21/2013 4:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
2/24/2012 11:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:HD8njXBIlxPgI8SvBmh0q0yCiIUYHBZQDOC6DFb:HgTBOFsx0cIF3R

Entry address:
0x3814

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 70, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 58, 89, 44, 00, E8, FA, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 68, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, 1F, 8B, 40, 00, FF, 15, 70, 81, 40, 00, 68, 14, 8B, 40, 00, 68, 60, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, AC, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...

Entropy:
7.9396

Packer / compiler:
Nullsoft install system v2.x

Code size:
27 KB (27,648 bytes)

The file shopathome_app_c81594025_d1_r92269.exe has been seen being distributed by the following 14 URLs.

http://toolbar.shopathome.com/install/download.aspx?subid=&isnew=y&owner=nonbundle&refer=1010997&src=SEPDSE&CID=0&surl=http://.../Printable-Coupons.aspx?refer=1010997&eurl=&turl=&DSP=0&bitiid=

Remove shopathome_app_c81594025_d1_r92269.exe - Powered by Reason Core Security