couponarific_us.exe

Win32 Cabinet Self-Extractor

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application couponarific_us.exe, “Win32 Cabinet Self-Extractor ” has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dm930xmxv1gqs.cloudfront.net.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
6.00.2900.5512 (xpsp.080413-2105)

MD5:
df53154f462985c7a909fa8d65ae44da

SHA-1:
27e964709bfd75598241ec87854dfa0d14b97dfb

SHA-256:
765a28e8284aad5ef04d1671db2895b5ff37f8e477584ea695dd22cf57494965

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:
12/24/2024 12:27:19 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.738656
825

AegisLab AV Signature
Troj.Downloader.W32.Genome
2.1.4+

Agnitum Outpost
PUA.Adpeak
7.1.1

Avira AntiVirus
SPR/Tool.2583937
7.11.182.42

avast!
Win32:Adware-gen [Adw]
2014.9-141101

AVG
Generic_r
2015.0.3303

Baidu Antivirus
Adware.Win64.Agent
4.0.3.14111

Bitdefender
Application.Generic.738656
1.0.20.1525

Comodo Security
ApplicUnwnt
19934

Dr.Web
Adware.Shopper.520
9.0.1.0305

Emsisoft Anti-Malware
Adware.NetFilter
8.14.11.01.04

ESET NOD32
Win64/Adware.Adpeak (variant)
8.10639

Fortinet FortiGate
Adware/Adpeak
11/1/2014

F-Secure
Application.Generic.738656
11.2014-01-11_7

G Data
Application.Generic.738656
14.11.24

IKARUS anti.virus
AdWare.SwiftBrowse
t3scan.1.8.3.0

Kaspersky
not-a-virus:AdWare.Win64.Agent
14.0.0.3012

McAfee
Artemis!DF53154F4629
5600.6959

MicroWorld eScan
Application.Generic.738656
15.0.0.915

NANO AntiVirus
Riskware.Win64.Shopper.dfojuj
0.28.6.62995

nProtect
Adware.NetFilter.A
14.10.29.01

Qihoo 360 Security
HEUR/QVM06.1.Malware.Gen
1.0.0.1015

Quick Heal
AdWare.Win64.g5 (Not a Virus)
11.14.14.00

Sophos
Generic PUA GC
4.98

Trend Micro House Call
TROJ_SPNR.0BJI14
7.2.305

Trend Micro
TROJ_SPNR.0BJI14
10.465.01

Vba32 AntiVirus
AdWare.Win64.Agent
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
34342

File size:
2.5 MB (2,631,680 bytes)

Product version:
6.00.2900.5512

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\couponarific_us.exe

File PE Metadata
Compilation timestamp:
4/13/2008 2:32:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:uSRupN2hGTZILUBsUnTWCZIcKWTNhWoTg/bwNZxd1hC7nHMsTckEby4+p7NvUu85:79hfwWaTWCcW5QoTksBdTc5fOy427Nfk

Entry address:
0x645C

Entry point:
E8, 0A, 00, 00, 00, E9, 7A, FF, FF, FF, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, D0, B2, 00, 01, 85, C0, 74, 07, 3D, 40, BB, 00, 00, 75, 4D, 56, 8D, 45, F8, 50, FF, 15, 70, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 6C, 11, 00, 01, 33, F0, FF, 15, 68, 11, 00, 01, 33, F0, FF, 15, 64, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 60, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, C6, 25, FF, FF, 00, 00, 5E, 75, 05, B8, 40, BB, 00, 00, A3, D0, B2, 00, 01, F7, D0, A3, CC, B2, 00, 01, C9, C3, CC, CC, CC...
 
[+]

Entropy:
7.9921

Developed / compiled with:
Microsoft CAB SFX

Code size:
38.5 KB (39,424 bytes)

The file couponarific_us.exe has been seen being distributed by the following URL.

Remove couponarific_us.exe - Powered by Reason Core Security