» beecouponsadv-us.exe
Overview
Analysis
File Details
Downloads (1)

beecouponsadv-us.exe

Enchanted Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application beecouponsadv-us.exe by Enchanted Apps has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

Publisher:

Enchanted Apps (signed and verified)

MD5:

82a26cc21520f4b304df074af9afb5e4

SHA-1:

45038dcb1d89f072f2571f5425c8c53c0d0ed331

SHA-256:

55592615f0a5663beb345af54abc8333de4edf9b831f38881b84ecd876ddfe3b

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

11/23/2024 10:50:35 AM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Generic

2015.0.3405

Dr.Web

Adware.Plugin.162

9.0.1.0203

NANO AntiVirus

Trojan.Win32.Generic.cumlhe

0.28.0.58720

Reason Heuristics

PUP.EnchantedApps.Q

14.8.7.17

Trend Micro House Call

TROJ_GEN.F47V0310

7.2.203

VIPRE Antivirus

GamePlayLabs

27768

File size:

1 MB (1,090,352 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\beecouponsadv-us.exe

Digital Signature

Signed by:

Enchanted Apps

Authority:

Thawte, Inc.

Valid from:

6/3/2013 2:00:00 PM

Valid to:

6/4/2014 1:59:59 PM

Subject:

CN=Enchanted Apps, O=Enchanted Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0AD2FFB9C41506FA798B6D0457ECFD21

File PE Metadata

Compilation timestamp:

2/19/2012 5:01:49 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

24576:ytLt7Zkjlb3Z4XjmaNJ9PqpBRuAS+iFOOroRT4IwdqWgxPYmL:y1Wbp/aNJ1qpBUAfiADTb2UxL

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Entropy:

7.9560 (probably packed)

Code size:

34.5 KB (35,328 bytes)

The file beecouponsadv-us.exe has been seen being distributed by the following URL.

http://vbmz.visualbe.com/BeeCouponsAdv-us.exe

Remove beecouponsadv-us.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.