ShopAtHomeHelper.exe

ShopAtHome.com Browser App

ShopAtHome.com (Belcaro Group, Inc.)

The application ShopAtHomeHelper.exe, “ShopAtHome.com Cash Back Helper” by ShopAtHome.com (Belcaro Group, Inc.), has been detected as a potentially unwanted program by 9 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc., which is itself a potentially unwanted software program. While running, it connects to the Internet address 199.83.132.126.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com (signed by ShopAtHome.com (Belcaro Group, Inc.))

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Helper

Version:
7.10.2.10

MD5:
8229db4e61bd119acac35ff83cc37942

SHA-1:
616ed9755b378ceda5ed0c397ce5ef79f529bed1

SHA-256:
47b8bb5752a917536b7b40e28343686381d2f51018b744ac92d17f5f1d71389c

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2024 9:28:51 PM UTC

Scan engine              Detection                           Engine version
AVG                      Generic                             2015.0.3275
Boost by Reason          Optional.ShopAtHomeBelcaroGroup.Q   188838
G Data                   Win32.Adware.ShopAtHome             14.11.24
Malwarebytes             PUP.Optional.ShopAtHome.A           v2014.11.29.12
McAfee                   Artemis!CF615D7EA5E3                5600.6931
Reason Heuristics        PUP.ShopAtHomeBelcaroGroup.Q        14.11.29.12
Sophos                   SAHAgent                            4.98
Trend Micro House Call   Suspicious_GEN.F47V0708             7.2.333
VIPRE Antivirus          ShopAtHome                          35126

File size:
1003.7 KB (1,027,768 bytes)

Product version:
7.10.2.10

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomehelper.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 5:00:00 PM

Valid to:
6/28/2017 4:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
11/25/2014 8:05:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:8WEXRZNvl0fissIXMqqG7Qscg6VQqrz3ER:eRZNCf46MqqGJ6VQqrz3ER

Entry address:
0x6F3A9

Entry point:
E8, F1, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 2C, A1, 44, 96, 4D, 00, 33, C5, 89, 45, FC, 56, FF, 75, 0C, 8B, 75, 08, 8D, 4D, D4, E8, AC, C2, FF, FF, 85, F6, 75, 24, E8, DC, D4, FF, FF, C7, 00, 16, 00, 00, 00, E8, C4, 2F, 00, 00, 80, 7D, E0, 00, 74, 07, 8B, 45, DC, 83, 60, 70, FD, D9, EE, EB, 35, 83, C6, 02, 0F, B7, 06, 6A, 08, 50, E8, B7, 72, 00, 00, 59, 59, 85, C0, 75, EC, 8D, 45, D4, 50, 8D, 45, E4, 56, 50, E8, 1F, A3, 00, 00, DD, 40, 10, 83, C4, 0C, 80, 7D, E0, 00, 74, 07, 8B, 45...

Entropy:
6.4393

Code size:
653 KB (668,672 bytes)

The file ShopAtHomeHelper.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com

The executing file has been seen to make the following network communications in live environments.
