home

ShopAtHomeWatcher.exe

ShopAtHome.com Browser App

ShopAtHome.com (Belcaro Group, Inc.)

The application ShopAtHomeWatcher.exe, “ShopAtHome.com Cash Back Watcher” by ShopAtHome.com (Belcaro Group,) has been detected as a potentially unwanted program by 11 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ShopAtHomeWatcher’. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program.
Publisher:
ShopAtHome.com  (signed by ShopAtHome.com (Belcaro Group, Inc.))

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Watcher

Version:
7.0.4.10

MD5:
cb7e46cbc3eb1e4fbdea4b9775ced394

SHA-1:
e2664d103763715a14988de158a05526278178c8

SHA-256:
e67e5a25b393c6b40dc0a3b8193d9fc4ad203b602827e7108c6e31cf4b0f2b55

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 3:35:42 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.ShopAtHome.1
396

Bitdefender
Gen:Variant.Adware.ShopAtHome.1
1.0.20.20

Emsisoft Anti-Malware
Gen:Variant.Adware.ShopAtHome
8.16.01.04.02

F-Secure
Gen:Variant.Adware.ShopAtHome.1
11.2016-04-01_2

G Data
Win32.Adware.ShopAtHome
16.1.24

Malwarebytes
PUP.Optional.ShopAtHome.A
v2016.01.04.02

MicroWorld eScan
Gen:Variant.Adware.ShopAtHome.1
17.0.0.12

nProtect
Adware.Shopathome.H
14.06.03.01

Reason Heuristics
PUP.ShopAtHome.ShopAtHomeBelcaroGroup (M)
16.1.4.14

Sophos
SAHAgent
4.98

Trend Micro House Call
TROJ_GEN.F47V1021
7.2.4

File size:
125.6 KB (128,656 bytes)

Product version:
7.0.4.10

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeWatcher.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe

Digital Signature
Signed by:
ShopAtHome.com (Belcaro Group, Inc.)

Authority:
Symantec Corporation

Valid from:
6/25/2013 5:00:00 PM

Valid to:
6/26/2014 4:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
237B0D903D7BC26FE5D98F5F4AAF5E42

File PE Metadata
Compilation timestamp:
10/4/2013 10:41:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:h/UpgK975xmO1NXuivrblOZOdG+szT7/P:QdxL1NegrbMOcvP

Entry address:
0x6697

Entry point:
E8, C9, 65, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 84, 57, 42, 00, 00, 74, 05, E9, 24, 66, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07...
 
[+]

Entropy:
6.4334

Code size:
84.5 KB (86,528 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ShopAtHomeWatcher

Command:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe


The file ShopAtHomeWatcher.exe has been discovered within the following program.

ShopAtHome.com Helper  by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it
 
Powered by Should I Remove It?

Remove ShopAtHomeWatcher.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.