» update.exe
Overview
Analysis
File Details
Programs (1)

update.exe

IE Toolbar

Coupons.com, Inc.

The application update.exe, “IE Toolbar Updater” by Coupons.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program CouponBar by Coupons.com Incorporated which is a potentially unwanted software program.

File name:

update.exe

Publisher:

Coupons.com, Inc. (signed and verified)

Product:

IE Toolbar

Description:

IE Toolbar Updater

Version:

4.2.0.99

MD5:

36ddc21834405112910bf2cafe8243ac

SHA-1:

8fd4bb43dbd480541ab7495503720ab09088cdc5

SHA-256:

3a4440d6c2e9eda8887c625ec62993feb7954ed47f359b8e260b979ae74d10df

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 1:02:00 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Toolbar.Coupons.G

14.3.6.1

File size:

76.4 KB (78,264 bytes)

Product version:

4.2.0.99

Original file name:

update.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\coupons.com couponbar\update.exe

Digital Signature

Signed by:

Coupons.com, Inc.

Authority:

VeriSign, Inc.

Valid from:

10/9/2012 8:00:00 PM

Valid to:

10/13/2015 7:59:59 PM

Subject:

CN="Coupons.com, Inc.", OU=Coupons.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Coupons.com, Inc.", L=Palo Alto, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

545EAD15996F57759F442D2F8A9849FD

File PE Metadata

Compilation timestamp:

11/17/2011 6:21:24 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:Uhk+2IpJOhRPrLxWHGiKV0loUobtM7Mp+nViC+s8:UhwrHrLzwmtM7Mp+nVQ

Entry address:

0x2F64

Entry point:

E8, 1E, 35, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 28, 04, 41, 00, E8, 26, 03, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, C0, 4B, 41, 00, 03, 75, 43, 6A, 04, E8, 08, 37, 00, 00, 59, 83, 65, FC, 00, 56, E8, 30, 37, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 51, 37, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F4, 35, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 9C, 38, 41, 00, FF, 15, 90, E0, 40, 00, 85, C0, 75, 16, E8, 98, 19, 00... 
[+]

Entropy:

6.4705

Code size:

50 KB (51,200 bytes)

The file update.exe has been discovered within the following programs.

CouponBar by Coupons.com Incorporated

The Coupons.com CouponBar is a web browser add-in that analyzes web sites your browser visits and attempts to find discount deals associated with the merchant's product offerings.

www.coupons.com

74% remove it

Remove update.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.