home

upgrade7000.exe

ShopAtHome.com

The application upgrade7000.exe by ShopAtHome.com has been detected as a potentially unwanted program by 3 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Toolbar by Belcaro Group Inc. which is a potentially unwanted software program.
Publisher:
ShopAtHome.com  (signed and verified)

MD5:
e505d532048e9751a095d9f226823a1a

SHA-1:
71a48bd2432d3496763f8a1d9abe7b58e9a02d2f

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 4:00:50 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Shopper.429
9.0.1.0147

Reason Heuristics
PUP.ShopAtHome.L
14.5.27.13

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.0

File size:
158.9 KB (162,680 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\selectrebates\upgrade7000.exe

Digital Signature
Signed by:
ShopAtHome.com

Authority:
VeriSign, Inc.

Valid from:
4/22/2013 8:00:00 PM

Valid to:
7/22/2016 7:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CDE093D5E63B7D49F5B9BBF9E788E57

File PE Metadata
Compilation timestamp:
4/17/2014 3:31:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:3jd6G4LBNE3p+k56wdjohiSUx29ZsrTYPr5Caxw:kG4zE3p+FwdjohiSUx0scPr5Rxw

Entry address:
0x8481

Entry point:
E8, 89, 42, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 3B, 23, 00, 00, 3B, 0D, 00, 42, 42, 00, 75, 02, F3, C3, E9, 05, 43, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, DB, FF, FF, FF, 8B, FF, 51, C7, 01, 6C, D3, 41, 00, E8, F2, 43, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B2, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 2A, 44, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00...
 
[+]

Entropy:
6.4580

Code size:
109.5 KB (112,128 bytes)

The file upgrade7000.exe has been discovered within the following program.

ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 
Powered by Should I Remove It?

Remove upgrade7000.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.