ShopAtHomeHelper.exe

ShopAtHome.com Browser App

ShopAtHome.com

The application ShopAtHomeHelper.exe (“ShopAtHome.com Cash Back Helper”) by ShopAtHome.com has been detected as a potentially unwanted program by 9 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc., which is a potentially unwanted software program. While running, it connects to the Internet address 107.154.110.91.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com  (signed and verified)

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Helper

Version:
1.0.0.1

MD5:
39b2853faaa6330ce3706f2b904a69c9

SHA-1:
797c406601d582bd92e1f47a8bb91ca553ff2f45

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:34:12 PM UTC  (today)

Scan engine              Detection                          Engine version
Bitdefender              Gen:Variant.Adware.ShopAtHome.1    1.0.20.1015
Emsisoft Anti-Malware    Gen:Variant.Adware.ShopAtHome      8.14.07.22.05
F-Secure                 Gen:Variant.Adware.ShopAtHome.1    11.2014-22-07_3
G Data                   Gen:Variant.Adware.ShopAtHome      14.7.22
Malwarebytes             PUP.Optional.ShopAtHome.A          v2014.07.22.05
Reason Heuristics        PUP.ShopAtHome.Q                   14.7.22.17
Sophos                   SAHAgent                           4.98
Trend Micro House Call   TROJ_GEN.F47V0603                  7.2.203
Vba32 AntiVirus          Signed-Adware.Sahat                3.12.26.0

File size:
1.2 MB (1,255,864 bytes)

Product version:
1.0.0.1

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Application data\shopathome\shopathomehelper\shopathomehelper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 7:00:00 PM

Valid to:
6/21/2013 6:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
10/1/2012 11:25:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:pbbdPvi6u+KrqibC7LWXtLW1ONhkYlIVpdJWQ6l7:pFAFqibC7LyS1ONlox6l7

Entry address:
0x848B3

Entry point:
E8, 49, BA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, F4, 68, 51, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 80, 50, 4D, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.5100

Code size:
847 KB (867,328 bytes)

The file ShopAtHomeHelper.exe has been discovered within the following program.

ShopAtHome.com Helper  by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vux.netsolhost.com  (206.188.193.81:80)

TCP (HTTP):
Connects to 107.154.110.91.ip.incapdns.net  (107.154.110.91:80)
