coupondropdown.exe

CouponDropDown Plugin

Engaging Apps

This is the installer application for a 50onRed advertising-supported software package (it displays ads in the browser and may hijack the browser's home and search pages). The application coupondropdown.exe, “CouponDropDown Plugin Installer” by Engaging Apps, has been detected as adware by 8 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
Innovative Apps  (signed by Engaging Apps)

Product:
CouponDropDown Plugin

Description:
CouponDropDown Plugin Installer

Version:
1.29.153.2

MD5:
14eede3817f9a0efaf549a415fdda885

SHA-1:
c8f0749857dbafc64b43b4aad243ca5db6884524

SHA-256:
19ac5c07ff3d85f9cb2f82a6615961183fe2c02dfce945f5d911bf5a5a4a6684

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/23/2024 5:18:33 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | SmartShopper.M | 2015.0.3576 |
| Bkav FE | W32.Clode47.Trojan | 1.3.0.4923 |
| Dr.Web | Trojan.Crossrider.10 | 9.0.1.032 |
| McAfee | Artemis!14EEDE3817F9 | 5600.7232 |
| Reason Heuristics | PUP.Installer.EngagingApps.O | 14.8.7.21 |
| Sophos | AppRider | 4.97 |
| Trend Micro House Call | TROJ_GEN.F47V1021 | 7.2.32 |
| VIPRE Antivirus | GamePlayLabs | 25900 |

File size:
3.7 MB (3,832,520 bytes)

Copyright:
Copyright Innovative Apps

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\coupondropdown.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 5:00:00 PM

Valid to:
6/4/2014 4:59:59 PM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:CELVpt5YrKTnqSyeWbzoE9kEwpDXMMYG:CExLu2TqSyeWIN1pA

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9926  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file coupondropdown.exe has been seen being distributed by the following URL.
