beecoupons-us.exe

Smart Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application beecoupons-us.exe by Smart Apps has been detected as adware by 5 anti-malware scanners. It is a setup program used to install the application, a web browser add-on that displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links. It is typically executed from the user's temporary directory. The file has been seen being downloaded from vbmz.visualbe.com.
Publisher:
Smart Apps  (signed and verified)

MD5:
063e85861946213e463312fe8fcec6f7

SHA-1:
6ce6850fd21515ab61a0e0bc21002405d56f3d2f

SHA-256:
f19838c5fc44b8b8891c6e6a38efdcbf30908f87766ff5947a51496e827ca671

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
12/25/2024 1:28:24 AM UTC

Scan engine         Detection                    Engine version
Dr.Web              Adware.Plugin.111            9.0.1.014
Malwarebytes        PUP.Optional.Adwareplugin    v2014.01.14.04
Reason Heuristics   PUP.SmartApps.N              14.8.7.20
Sophos              Deal Slider                  4.96
VIPRE Antivirus     GamePlayLabs                 25246

File size:
1.1 MB (1,101,712 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\beecoupons-us.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/24/2013 5:00:00 PM

Valid to:
3/25/2014 4:59:59 PM

Subject:
CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:ntLtWKHHRfy1NVU0SFJvrMy/MeyCbw4mZkzXk0sEF+DM:n1MOxfylUhheCbwJZkrkbTo

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9570  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file beecoupons-us.exe has been seen being distributed by the following URL.
