couponarific.exe

Coupoon

This is the installer for an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application couponarific.exe by Coupoon has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
Coupoon  (signed and verified)

MD5:
8fa6441dd2e1a8c50f38d33c923f727f

SHA-1:
880be4a7fd8b3bfe4f70c09d73301a439e08acef

SHA-256:
6ae4f0fca6cd965fb7414012f2eb6ddb1562c2d3f88b3b910dab28a44769f863

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
11/23/2024 10:35:34 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.AdPeak.Y | 5570222
AVG | Generic | 2016.0.3095
Bitdefender | Adware.AdPeak.Y | 1.0.20.740
Comodo Security | ApplicUnwnt | 22255
Emsisoft Anti-Malware | Adware.AdPeak.Y | 10.0.0.5366
ESET NOD32 | Win32/Adware.Adpeak.Q application | 7.0.302.0
F-Secure | Adware.AdPeak.Y | 11.2015-28-05_5
G Data | Adware.AdPeak | 15.5.25
K7 AntiVirus | Adware | 13.204.16059
Malwarebytes | PUP.Optional.Coupoon.A | v2015.05.28.02
MicroWorld eScan | Adware.AdPeak.Y | 16.0.0.444
nProtect | Adware.AdPeak.Y | 15.05.28.01
Reason Heuristics | PUP.AdPeak.Installer | 15.5.28.14
Sophos | Generic PUA CI | 4.98
VIPRE Antivirus | Threat.4150696 | 40552

File size:
350.9 KB (359,352 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\couponarific.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/22/2014 2:35:57 AM

Valid to:
11/23/2015 2:35:57 AM

Subject:
E=support@coupoon.org, CN=Coupoon, O=Coupoon, L=Tallahassee, S=FL, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121400C47EC899C3BA485785E2CAB2D79C3

File PE Metadata
Compilation timestamp:
10/7/2014 3:40:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ZoGzI1XT5k2Ah6HOOQexjGoLAE+a4zpKUgy8nqo0bD818FpaBTshxNqMxS7cUD:ZbG5k3+xjGoZt4qlb0US+IhxNqf7cUD

Entry address:
0x31FF

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, 78, 92, 42, 00, E8, FD, 2E, 00, 00, A3, C4, 91, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 70, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, C0, 81, 42, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 

Entropy:
7.9499

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
