» updater27793.exe
Overview
Analysis
File Details
Behaviors (1)
Network (11)

updater27793.exe

CouponDropDown Plugin

Innovative Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application updater27793.exe, “CouponDropDown Plugin exe” has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

updater27793.exe

Publisher:

Innovative Apps

Product:

CouponDropDown Plugin

Description:

CouponDropDown Plugin exe

Version:

1000.1000.1000.1000

MD5:

5dd0d2719359194ebd5cf51fbe00ae5a

SHA-1:

03b9704f54d48472daa43da7114e16effe0890dc

SHA-256:

75bf26abc2a27854b91d327890eb1444d9970431838c4e7a8780ea06bd79e173

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

5/16/2024 10:14:39 PM UTC (today)

Scan engine

Detection

Engine version

AVG

SmartShopper.G

2014.0.3615

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.131225

Bkav FE

W32.Clod808.Trojan

1.3.0.4613

Dr.Web

Adware.Plugin.88

9.0.1.0359

ESET NOD32

Win32/Toolbar.CrossRider (variant)

7.9257

herdProtect (fuzzy)

variant of updater21806.exe (Adware)

2014.1.2.15

K7 AntiVirus

Trojan

13.175.10750

McAfee

Artemis!67CAE5BFA730

5600.7262

NANO AntiVirus

Trojan.Win32.Plugin.cqzpgj

0.28.0.57029

Reason Heuristics

PUP.Task.InnovativeApps.M

14.2.20.19

Trend Micro House Call

TROJ_GEN.R0C1H05L813

7.2.359

VIPRE Antivirus

GamePlayLabs

25158

File size:

201.5 KB (206,336 bytes)

Product version:

1000.1000.1000.1000

Original file name:

CouponDropDown Plugin.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\updater27793\updater27793.exe

File PE Metadata

Compilation timestamp:

1/15/2013 4:31:55 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:q/2e1jiykkaE5dKvKJZltWRkWTpJitu8xQAei7MxNEndGM/EC:ne9iykqZvlt4k8Jkn+Aei7MxvM9

Entry address:

0x15B31

Entry point:

E8, 95, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 22, E2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 26, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 90, 42, 00... 
[+]

Entropy:

6.4282

Code size:

158 KB (161,792 bytes)

Scheduled Task

Task name:

Updater27793.exe

Trigger:

Time (Next runs on 12/25/2013 at 4:48 PM)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to geoplugin.net (178.237.36.10:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.50.25:80)

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.10:80)

Remove updater27793.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.