home

upgrade7000.exe

ShopAtHome.com

The application upgrade7000.exe by ShopAtHome.com has been detected as a potentially unwanted program by 4 anti-malware scanners. Additionally, the file is typically installed by a number of programs including ShopAtHome SelectRebates by Select Rebates and ShopAtHome.com Toolbar by Belcaro Group Inc., both potentially unwanted software. It is also typically executed from the user's temporary directory.
Publisher:
ShopAtHome.com  (signed and verified)

MD5:
20f79d91772c3eef55e9545b98c57acb

SHA-1:
b90c5cb96baadfef2e06bf3e2a1f4493cb501a8d

SHA-256:
d158b13680c6993dad8d000bbcd8f327436f3aa57b62d4c6008f413a7d5b51d4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 2:16:52 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Shopper.415
9.0.1.0184

Reason Heuristics
PUP.ShopAtHome.L
14.7.3.17

Trend Micro House Call
TROJ_GEN.F47V0520
7.2.184

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

File size:
159.4 KB (163,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sahupdate\upgrade7000.exe

Digital Signature
Signed by:
ShopAtHome.com

Authority:
VeriSign, Inc.

Valid from:
4/22/2013 7:00:00 PM

Valid to:
7/22/2016 6:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CDE093D5E63B7D49F5B9BBF9E788E57

File PE Metadata
Compilation timestamp:
5/8/2014 11:39:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:kOfuAGnGX7nilHPrPpLH4H/xVdOCT4ONjz:0ncbilHzPpLH4H/xrV8ONP

Entry address:
0x8590

Entry point:
E8, 8A, 42, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 3C, 23, 00, 00, 3B, 0D, 00, 42, 42, 00, 75, 02, F3, C3, E9, 06, 43, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, DB, FF, FF, FF, 8B, FF, 51, C7, 01, 8C, D3, 41, 00, E8, F3, 43, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B2, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 2B, 44, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00...
 
[+]

Entropy:
6.4587

Code size:
110 KB (112,640 bytes)

The file upgrade7000.exe has been discovered within the following programs.

ShopAtHome SelectRebates  by Select Rebates
ShopAtHome SelectRebates is a potentially unwanted browser hijacker that runs in the web browser as a toolbar and web extension.
81% remove it
ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 
Powered by Should I Remove It?

Remove upgrade7000.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.