updater12749.exe

Coupon Caddy

Innovative Apps

This file is part of a distribution package that is classified as adware and distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and to modify the default search and home pages. The application updater12749.exe by Innovative Apps has been detected as adware by 11 anti-malware scanners. The browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
Innovative Apps  (signed and verified)

Product:
Coupon Caddy

Description:
Coupon Caddy exe

Version:
1000.1000.1000.1000

MD5:
2d5a1a226fd61cde281217d9a68c9035

SHA-1:
95d9a1a2f2633a46613205e29428c4f2e7ada16e

SHA-256:
4384ef318f52afd405487814a18fb983bc6ac0718c652a3d37ba2294f344e924

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/26/2024 10:03:51 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/IWantThis.I.2 | 7.11.109.28 |
| avast! | Win32:Installer-M [Adw] | 2014.9-140423 |
| AVG | SmartShopper.G | 2015.0.3495 |
| Comodo Security | ApplicUnwnt | 17147 |
| Dr.Web | Adware.Plugin.88 | 9.0.1.0113 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.8955 |
| McAfee | Artemis!2D5A1A226FD6 | 5600.7151 |
| Reason Heuristics | PUP.InnovativeApps.M | 14.8.7.17 |
| Sophos | AppRider | 4.93 |
| Trend Micro House Call | TROJ_GEN.F47V0409 | 7.2.113 |
| VIPRE Antivirus | GamePlayLabs | 22650 |

File size:
205.4 KB (210,312 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Coupon Caddy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\updater12749\updater12749.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
1/8/2013 6:00:00 PM

Valid to:
1/9/2014 5:59:59 PM

Subject:
CN=Innovative Apps, O=Innovative Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5419E32FDAD7A6E5666A35066C5EAAC5

File PE Metadata
Compilation timestamp:
1/15/2013 7:01:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:S/2e1jiykkaE5dKvKJZltWRkWTpJitu8xQAei7MxNEndGM/k0:/e9iykqZvlt4k8Jkn+Aei7MxvMT

Entry address:
0x15B31

Entry point:
E8, 95, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 22, E2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 26, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 90, 42, 00...
 

Entropy:
6.4689

Code size:
158 KB (161,792 bytes)
