couponarific_de.exe

Win32 Cabinet Self-Extractor

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application couponarific_de.exe, “Win32 Cabinet Self-Extractor ” has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dm930xmxv1gqs.cloudfront.net.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
a4dc04d3b28b3d4ca7d241293b74d670

SHA-1:
adf3ee05abb4871de3a0516b88817fffd2821300

SHA-256:
82eff1049627288f203ffafe88c129ce289a30f1962ebf44d496b6fab0b55a57

Scanner detections:
27 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:
11/23/2024 8:17:18 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.738656
824

AegisLab AV Signature
Troj.Downloader.W32.Genome
2.1.4+

Agnitum Outpost
PUA.Adpeak
7.1.1

Avira AntiVirus
SPR/Tool.2583937
7.11.181.186

avast!
Win32:Adware-gen [Adw]
2014.9-141102

AVG
Generic_r
2015.0.3302

Bitdefender
Application.Generic.738656
1.0.20.1530

Comodo Security
ApplicUnwnt
19920

Dr.Web
Adware.Shopper.520
9.0.1.0306

Emsisoft Anti-Malware
Adware.NetFilter
8.14.11.02.01

ESET NOD32
Win64/Adware.Adpeak (variant)
8.10628

Fortinet FortiGate
Adware/Adpeak
11/2/2014

F-Secure
Application.Generic.738656
11.2014-02-11_1

G Data
Application.Generic.738656
14.11.24

IKARUS anti.virus
PUA.Trioris
t3scan.1.7.8.0

Kaspersky
not-a-virus:AdWare.Win64.Agent
14.0.0.3007

McAfee
Artemis!2463C1D7EDEA
5600.6958

MicroWorld eScan
Application.Generic.738656
15.0.0.918

NANO AntiVirus
Riskware.Win64.Shopper.dfojuj
0.28.2.62841

nProtect
Adware.NetFilter.A
14.10.27.01

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Quick Heal
AdWare.Win64.g5 (Not a Virus)
11.14.14.00

Sophos
Generic PUA GC
4.98

Trend Micro House Call
TROJ_SPNR.0BJI14
7.2.306

Trend Micro
TROJ_SPNR.0BJI14
10.465.02

Vba32 AntiVirus
AdWare.Win64.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34284

File size:
2.5 MB (2,631,680 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\couponarific_de.exe

File PE Metadata
Compilation timestamp:
4/13/2008 7:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:4SRupN2hGTZILUBsUnTWCZIcKWTNhWoTg/bwNZxd1hC7nHMsTckEby4+p7NvUu83:B9hfwWaTWCcW5QoTksBdTc5fOy427Nfy

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...
 
[+]

Entropy:
7.9921

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file couponarific_de.exe has been seen being distributed by the following URL.

Remove couponarific_de.exe - Powered by Reason Core Security