ShopAtHomeHelper.exe

ShopAtHome.com Browser App

ShopAtHome.com

The application ShopAtHomeHelper.exe, “ShopAtHome.com Cash Back Helper” by ShopAtHome.com has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program. While running, it connects to the Internet address 107.154.108.91.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com  (signed and verified)

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Helper

Version:
1.0.0.1

MD5:
53015f5e14a723ea32fe829fd3c2e600

SHA-1:
167dc1c685c5db39b6d6657d77af2344b0915dc4

SHA-256:
aec6fdbd55ff63fca7e3e8192436a076851062bb131389f84b51a63197810f51

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2024 1:24:05 AM UTC  (today)

Scan engine          Detection              Engine version
Reason Heuristics    PUP.ShopAtHome.Q       14.4.9.17
Sophos               SAHAgent               4.97
Vba32 AntiVirus      Signed-Adware.Sahat    3.12.24.3

File size:
1.2 MB (1,288,568 bytes)

Product version:
1.0.0.1

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomehelper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 8:00:00 PM

Valid to:
6/21/2013 7:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
1/29/2013 1:41:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:EHCTmcQNageTGNFr0/KUljM0ot5nXOsnROn66:EHoUoiyFljU5nXOsR+66

Entry address:
0x896BF

Entry point:
E8, 50, BA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, B4, E9, 51, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 84, B0, 4D, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...

Entropy:
6.5110

Code size:
868.5 KB (889,344 bytes)

The file ShopAtHomeHelper.exe has been discovered within the following programs.

ShopAtHome.com Helper by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):      Connects to 199.83.129.126.ip.incapdns.net  (199.83.129.126:80)
TCP (HTTP):      Connects to 107.154.105.91.ip.incapdns.net  (107.154.105.91:80)
TCP (HTTP):      Connects to 199.83.128.126.ip.incapdns.net  (199.83.128.126:80)
TCP (HTTP):      Connects to 107.154.109.91.ip.incapdns.net  (107.154.109.91:80)
TCP (HTTP):      Connects to 199.83.135.126.ip.incapdns.net  (199.83.135.126:80)
TCP (HTTP):      Connects to 199.83.132.126.ip.incapdns.net  (199.83.132.126:80)
TCP (HTTP SSL):  Connects to 199.83.128.203.ip.incapdns.net  (199.83.128.203:443)
TCP (HTTP):      Connects to 107.154.110.91.ip.incapdns.net  (107.154.110.91:80)
TCP (HTTP):      Connects to 107.154.108.91.ip.incapdns.net  (107.154.108.91:80)
TCP (HTTP SSL):  Connects to 107.154.102.91.ip.incapdns.net  (107.154.102.91:443)
