home

coupondropdown plugin-codedownloader.exe

CouponDropDown Plugin

Innovative Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application coupondropdown plugin-codedownloader.exe, “CouponDropDown Plugin exe” has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program CouponDropDown Plugin by 215 Apps which is a potentially unwanted software program.
Publisher:
Innovative Apps

Product:
CouponDropDown Plugin

Description:
CouponDropDown Plugin exe

Version:
1000.1000.1000.1000

MD5:
3e97974ab4a8a5c1fbac86bf831b7c22

SHA-1:
8ca1b6be05614e94920737209851a713e688988f

SHA-256:
5cdfa5256eb6bc1817dd71d15460e4da8ea1e47e546bf29c665dd07738593d5d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
1/15/2025 7:31:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.InnovativeApps.e
14.3.22.10

File size:
452 KB (462,848 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CouponDropDown Plugin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\coupondropdown plugin\coupondropdown plugin-codedownloader.exe

File PE Metadata
Compilation timestamp:
4/23/2013 9:04:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:n+i4tyI/1DFjppV/qfeFhhp+SxNj4R0GIV5YE/TEL42JCL5pReyHcXWlTBE/rep1:nAntzqy8Xua/ryTR5G2

Entry address:
0x40AF9

Entry point:
E8, FA, B4, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB...
 
[+]

Code size:
362 KB (370,688 bytes)

The file coupondropdown plugin-codedownloader.exe has been discovered within the following program.

CouponDropDown Plugin  by 215 Apps
Innovative Apps' (50OnRed) CouponDropDown BHO is the Browser Helper Object installed into Internet Explorer which has the ability to access and monitor all loaded and requested web pages and content. Removing CouponDropDown is usually a good idea.
www.50onred.com
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.112.170:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

Remove coupondropdown plugin-codedownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.