ShopAtHomeUpdater.exe

ShopAtHome.com Browser App

ShopAtHome.com (Belcaro Group, Inc.)

The application ShopAtHomeUpdater.exe, “ShopAtHome.com Cash Back Updater” by ShopAtHome.com (Belcaro Group, Inc.), has been detected as a potentially unwanted program by 15 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘ShopAtHomeUpdater’. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc., which is itself a potentially unwanted software program. While running, it connects to the Internet address 107.154.105.208.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com (signed by ShopAtHome.com (Belcaro Group, Inc.))

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Updater

Version:
7.10.2.6

MD5:
2f9295f5f7a91ee629224861abce0530

SHA-1:
ac0a3a6f2bda6cf8d22ee92feeaa4b32abc6f271

SHA-256:
d114943ac9b0d9339015b978e6e394296b5d5d0a44c8477deea0e8aa0227f615

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 12:03:05 AM UTC

Scan engine             Detection                             Engine version
Lavasoft Ad-Aware       Adware.Shopathome.H                   833
AVG                     Generic                               2015.0.3311
Bitdefender             Adware.Shopathome.H                   1.0.20.1485
Bkav FE                 W32.Clod028.Trojan                    1.3.0.4613
Emsisoft Anti-Malware   Adware.Shopathome                     8.14.10.24.06
F-Secure                Adware.Shopathome.H                   11.2014-24-10_6
G Data                  Win32.Adware.ShopAtHome               14.10.24
Malwarebytes            PUP.Optional.ShopAtHome.A             v2014.10.24.06
McAfee                  Artemis!4E86C7797513                  5600.6967
MicroWorld eScan        Adware.Shopathome.H                   15.0.0.891
nProtect                Adware.Shopathome.H                   14.06.03.01
Reason Heuristics       PUP.Startup.ShopAtHomeBelcaroGroup.R  14.10.24.18
Sophos                  SAHAgent                              4.98
Trend Micro House Call  Suspicious_GEN.F47V0708               7.2.297
VIPRE Antivirus         ShopAtHome                            34194

File size:
195.2 KB (199,864 bytes)

Product version:
7.10.2.6

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomeupdater.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 7:00:00 PM

Valid to:
6/28/2017 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
10/23/2014 2:45:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:fVVj+nmAbFEhaOKGKFKxO/48XKYYhnVIbrNvcjxIH6HFp:fP2bFEhYGKYY/7XKYY4bJvNeP

Entry address:
0x10015

Entry point:
E8, 4B, 72, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 4C, A1, 40, C2, 42, 00, 33, C5, 89, 45, FC, 53, 33, DB, 57, 8B, F9, 89, 5D, C0, 89, 5D, BC, 3B, FB, 75, 1A, E8, 7D, 09, 00, 00, C7, 00, 16, 00, 00, 00, E8, 2A, 26, 00, 00, 83, CA, FF, 8B, C2, E9, 65, 02, 00, 00, 8B, 47, 14, 99, 8B, C8, 8B, C2, 89, 4D, D0, 83, C1, BB, 89, 45, D4, 83, D0, FF, 56, 3B, C3, 0F, 87, 37, 02, 00, 00, 72, 0C, 81, F9, 08, 04, 00, 00, 0F, 87, 29, 02, 00, 00, 8B, 47, 10, 3B, C3, 7C, 05, 83, F8, 0B, 7E, 46, 99, 6A, 0C...

Entropy:
6.4594

Code size:
143 KB (146,432 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ShopAtHomeUpdater

Command:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomeupdater.exe


The file ShopAtHomeUpdater.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): connects to 107.154.108.208.ip.incapdns.net (107.154.108.208:80)
TCP (HTTP): connects to 107.154.105.208.ip.incapdns.net (107.154.105.208:80)
TCP (HTTP): connects to 107.154.104.208.ip.incapdns.net (107.154.104.208:80)
TCP (HTTP): connects to 107.154.106.208.ip.incapdns.net (107.154.106.208:80)
TCP (HTTP): connects to 107.154.102.208.ip.incapdns.net (107.154.102.208:80)
