ShopAtHomeWatcher.exe

ShopAtHome.com Browser App

ShopAtHome.com (Belcaro Group, Inc.)

The application ShopAtHomeWatcher.exe, “ShopAtHome.com Cash Back Watcher” by ShopAtHome.com (Belcaro Group, Inc.), has been detected as a potentially unwanted program by 8 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘ShopAtHomeWatcher’. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc., which is a potentially unwanted software program.
Publisher:
ShopAtHome.com (signed by ShopAtHome.com (Belcaro Group, Inc.))

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Watcher

Version:
7.10.2.6

MD5:
764faeb61b0645882ee394abad4817ea

SHA-1:
89181ba36357a460fe82c3c7d1f9562b803a7bb8

SHA-256:
e29df7aef55c3a68e0b87658fc813090b875e81fa9f788d27b38cfc77d025f64

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 2:19:00 AM UTC

Scan engine              Detection                               Engine version
AVG                      Generic                                 2015.0.3311
G Data                   Win32.Adware.ShopAtHome                 14.10.24
Malwarebytes             PUP.Optional.ShopAtHome.A               v2014.10.24.06
McAfee                   Artemis!E83D45F5C5E0                    5600.6967
Reason Heuristics        PUP.Startup.ShopAtHomeBelcaroGroup.R    14.10.24.18
Sophos                   SAHAgent                                4.98
Trend Micro House Call   Suspicious_GEN.F47V0708                 7.2.297
VIPRE Antivirus          ShopAtHome                              34194

File size:
127.2 KB (130,232 bytes)

Product version:
7.10.2.6

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeWatcher.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 7:00:00 PM

Valid to:
6/28/2017 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
10/23/2014 2:45:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:rOQ1VZr1alDyjEkCrVChDx7GO2SKHxsrkRCH5MDkM830XuSnnsBkdCAgrOOHk4Z5:qQ1VSZyJuY/8xdCZMvFykdlgrOO1/

Entry address:
0x69F7

Entry point:
E8, CB, 65, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 84, 57, 42, 00, 00, 74, 05, E9, 26, 66, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...
Entropy:
6.4258

Code size:
85.5 KB (87,552 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ShopAtHomeWatcher

Command:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe


The file ShopAtHomeWatcher.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it
Powered by Should I Remove It?