beecouponsadv-us.exe

Enchanted Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application beecouponsadv-us.exe by Enchanted Apps has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links.
Publisher:
Enchanted Apps  (signed and verified)

MD5:
82a26cc21520f4b304df074af9afb5e4

SHA-1:
45038dcb1d89f072f2571f5425c8c53c0d0ed331

SHA-256:
55592615f0a5663beb345af54abc8333de4edf9b831f38881b84ecd876ddfe3b

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
12/25/2024 12:39:07 AM UTC

Scan engine | Detection | Engine version
AVG | MalSign.Generic | 2015.0.3405
Dr.Web | Adware.Plugin.162 | 9.0.1.0203
NANO AntiVirus | Trojan.Win32.Generic.cumlhe | 0.28.0.58720
Reason Heuristics | PUP.EnchantedApps.Q | 14.8.7.17
Trend Micro House Call | TROJ_GEN.F47V0310 | 7.2.203
VIPRE Antivirus | GamePlayLabs | 27768

File size:
1 MB (1,090,352 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\beecouponsadv-us.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 2:00:00 PM

Valid to:
6/4/2014 1:59:59 PM

Subject:
CN=Enchanted Apps, O=Enchanted Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0AD2FFB9C41506FA798B6D0457ECFD21

File PE Metadata
Compilation timestamp:
2/19/2012 5:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:ytLt7Zkjlb3Z4XjmaNJ9PqpBRuAS+iFOOroRT4IwdqWgxPYmL:y1Wbp/aNJ1qpBUAfiADTb2UxL

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Entropy:
7.9560  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file beecouponsadv-us.exe has been seen being distributed by the following URL.