coupons64.dll

Cloud Installer

The module coupons64.dll by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Browser Extensions by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

Version:
1, 9, 0, 1

MD5:
9cccdb3ba491e6848ac17c3674538167

SHA-1:
38c15cbfddf9c78ec51314eabfaca375b53384dc

SHA-256:
99a7d347c64a48a1100c57655f742accbc5466b8370f76050cb412eeaf46462e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:38:38 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.11.24.18

File size:
522.8 KB (535,296 bytes)

Product version:
1, 9, 0, 1

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\browserextensions\coupons64.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2016 6:56:38 AM

Valid to:
3/8/2017 9:16:38 AM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00B90F0254308FAC21

Registration
CLSID:
{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/21/2016 9:03:35 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Ett5pwd2GcPf8LDf1KlcbblWudMPMLPCBl2TBqzZ9k/8uGv+ASbRKC:Mtfw8Gc3uycbbzQMOl2TEZN8KC

Entry address:
0x2F594

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AF, 8B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 41, 54, 41, 55, 48, 83, EC, 40, 48, 89, 64, 24, 30, 45, 8B, E0, 48, 8B, FA, 48, 8B, F1, 45, 33, ED, 41, 8B, C5, 49, 3B, CD, 0F, 95, C0, 41, 3B, C5, 75, 26, E8, E5, 01, 00, 00, C7, 00, 16, 00, 00, 00, 4C, 89, 6C...

Entropy:
6.0691

Code size:
284 KB (290,816 bytes)

The file coupons64.dll has been discovered within the following program.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it
 
Powered by Should I Remove It?