couponprinter.exe

Coupon Printer

Coupons, Inc.

The application couponprinter.exe, “Coupon Printer Installer” by Coupons has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cdn.coupons.com and multiple other hosts.
Publisher:
Coupons.com Incorporated  (signed by Coupons, Inc.)

Product:
Coupon Printer

Description:
Coupon Printer Installer

Version:
5.0.1.8

MD5:
d1550b37c41d098b12a901e57405386e

SHA-1:
291cb101dc71675faf2572a74109900896d9ec4a

SHA-256:
c4508eeaf2e412ad790ebf3ff602662de0c4f00d85893fd060acdca604f96b4c

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 5:20:49 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.Coupons
4.0.3.1617

Dr.Web
Adware.Coupons.42
9.0.1.05190

ESET NOD32
Win32/Adware.Coupons.AA application
7.0.302.0

Fortinet FortiGate
Adware/Coupons
1/7/2016

Kaspersky
not-a-virus:AdWare.Win32.Coupons
14.0.0.853

Malwarebytes
Adware.Coupons
v2016.01.07.09

Panda Antivirus
Generic Suspicious
16.01.07.09

Reason Heuristics
PUP.Coupons.Couponsorporated.Installer (M)
16.1.7.9

SUPERAntiSpyware
PUP.CouponPrinter/Variant
9400

Zillya! Antivirus
Adware.Coupons.Win32.22
2.0.0.2464

File size:
2.9 MB (3,030,680 bytes)

Product version:
5.0.1.8

Copyright:
Copyright © 2015 by Coupons.com Incorporated

Original file name:
suf80_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\couponprinter.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
8/18/2015 7:00:00 PM

Valid to:
11/17/2018 5:59:59 PM

Subject:
CN="Coupons, Inc.", O="Coupons, Inc.", L=Mountain View, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4F38AF813C7D0C27C7B33E83E2BD8C7B

File PE Metadata
Compilation timestamp:
6/22/2010 8:31:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:y3LW8RVtGFhHfjPqUPH9nQQiczWyDydYo5N3gEA4/EdTDmmyVF7l2:yaYV0THr/PH91ydYokEA4/EdPmmyo

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
[+]

Entropy:
7.9733  (probably packed)

Code size:
32 KB (32,768 bytes)

The file couponprinter.exe has been seen being distributed by the following 14 URLs.

http://cdn.coupons.com/ftp.coupons.com/.../CouponPrinter.exe

http://couponbar.coupons.com/CouponPrinterInstall.asp?partner=no&pid=15220&nid=10&zid=py63

http://cdn.cpnscdn.com/ftp.coupons.com/.../CouponPrinter.exe

http://cdn.cpnscdn.com/ftp.coupons.com/.../CouponPrinter.exe

Remove couponprinter.exe - Powered by Reason Core Security