couponprinter.exe

Coupon Printer

Coupons, Inc.

The application couponprinter.exe, “Coupon Printer Installer” by Coupons, has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from bricks.coupons.com and multiple other hosts.

Publisher:
Coupons.com Incorporated  (signed by Coupons, Inc.)

Product:
Coupon Printer

Description:
Coupon Printer Installer

Version:
5.0.1.4

MD5:
d1b77cdb88b88447fa4ef6cf2ab42a4e

SHA-1:
746c69e69450f111191068d826c52b4d399fcb06

SHA-256:
1eb82a5a80df4345161291a347a4a55095c891fcdcaf4ce59e7191b586684f00

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 10:45:56 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Coupons.34 | 9.0.1.052 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.KT.2.nm0@aKuY1cci | 8.15.02.21.10 |
| Reason Heuristics | PUP.Installer.Coupons | 15.2.21.10 |
| Trend Micro House Call | TROJ_GEN.F47V0612 | 7.2.52 |
| XVirus List | Win32.Detected | 2.4.3 |

File size:
1.9 MB (1,949,720 bytes)

Product version:
5.0.1.4

Copyright:
Copyright © 2015 by Coupons.com Incorporated

Original file name:
suf80_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\couponprinter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/17/2012 8:00:00 PM

Valid to:
10/17/2015 7:59:59 PM

Subject:
CN="Coupons, Inc.", OU=Coupons.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Coupons, Inc.", L=Palo Alto, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B0915310C9D42DC14785EF80FDBA531

File PE Metadata
Compilation timestamp:
6/22/2010 9:31:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:pF3/TOMs8RVFXqjaOHVV3TJEPG/o4MGLb4+ThDry6fchPDwnPRoab8KffUwYdp:T3LW8RVt+HfyP8o4Lty6fcCnuQFYH

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
Entropy:
7.9449  (probably packed)

Code size:
32 KB (32,768 bytes)

The file couponprinter.exe has been seen being distributed by the following 2 URLs.
