coupons.dll

Cloud Installer

The module coupons.dll by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Browser Extensions’. This file is typically installed with the program Browser Extensions by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

Version:
1, 9, 0, 1

MD5:
c89401d09d1aed43536a578ebf87900e

SHA-1:
2ce146ca92ad43944ad9757af9fb9c135462d280

SHA-256:
f6c12c42bd9e96c5e9b6d5cdf10a4e2b0212e8fd047aebb52b197ccd23356d4f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:37:46 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.11.24.16

File size:
427.3 KB (437,504 bytes)

Product version:
1, 9, 0, 1

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\browserextensions\coupons.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2016 5:56:38 AM

Valid to:
3/8/2017 8:16:38 AM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B90F0254308FAC21

File PE Metadata
Compilation timestamp:
11/21/2016 8:02:18 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:wxwv3KG2+Uw9cfC8o7zciFbJVVXAWTLZN8KfW/:wIt2+UB68oEYbJVdTL0/

Entry address:
0x266F7

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 38, 8F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 4D, 04, 10, E8, C2, 14, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 69, 01, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, FF, EC, FF, FF, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, CA, 93, 00, 00, 89, 45, 08...

Entropy:
6.3445

Code size:
232 KB (237,568 bytes)

Internet Explorer BHO
Display name:
Browser Extensions

CLSID:
{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}


The file coupons.dll has been discovered within the following program.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it
 
Powered by Should I Remove It?
