couponprinter.exe

Coupon Printer

Coupons, Inc.

The application couponprinter.exe, “Coupon Printer Installer” by Coupons, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. It is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from cdns.cpnscdn.com and multiple other hosts.
Publisher:
Coupons.com Incorporated  (signed by Coupons, Inc.)

Product:
Coupon Printer

Description:
Coupon Printer Installer

Version:
5.0.0.10

MD5:
0d28fcc64cdf57e2eb0296f4c11cb2b6

SHA-1:
5c6ec6e2d55109d64ea0ca024782a11568159b45

SHA-256:
86e1e2370ac0d7962695c45cc37e261e1975a59186ce30667f836ea5f70c2569

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 6:19:07 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Coupons.34 | 9.0.1.0246
Reason Heuristics | PUP.Installer.Coupons.N | 14.9.3.11
Trend Micro House Call | TROJ_GEN.F47V0612 | 7.2.246
XVirus List | Win32.Detected | 2.4.3

File size:
2 MB (2,072,488 bytes)

Product version:
5.0.0.10

Copyright:
Copyright © 2014 by Coupons.com Incorporated

Original file name:
suf80_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\couponprinter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/17/2012 8:00:00 PM

Valid to:
10/17/2015 7:59:59 PM

Subject:
CN="Coupons, Inc.", OU=Coupons.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Coupons, Inc.", L=Palo Alto, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B0915310C9D42DC14785EF80FDBA531

File PE Metadata
Compilation timestamp:
6/22/2010 9:31:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
49152:U3LW8RVtFqav5+PyANArK5ENLy6faaE7Bk/iIjNgI:UaYVGavMPArzzfEVk/iah

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
Entropy:
7.9503  (probably packed)

Code size:
32 KB (32,768 bytes)

The file couponprinter.exe has been seen distributed from the following 8 URLs.

https://cdns.cpnscdn.com/ftp.coupons.com/.../couponprinter.exe

https://cdn.cpnscdn.com/ftp.coupons.com/partners/.../CouponPrinter.exe
