couponshelper.exe

Cloud Installer

The application couponshelper.exe by Cloud Installer has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Browser Extensions’. This file is typically installed with the program Browser Extensions by Spigot, Inc., which is a potentially unwanted software program.
Publisher:
Cloud Installer  (signed and verified)

MD5:
d08beb0ad852b692b3177bcdc8d7c331

SHA-1:
83c7674960eaa5361b8ca8827e4e296a077c8589

SHA-256:
51ad2d3aaf29cb9afca60cc83332fda47785c186c1861bb1e9cbf6067dbe734b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/28/2024 2:56:16 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse (M)

Engine version:
16.10.17.13

File size:
1.1 MB (1,162,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\browser extensions\couponshelper.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/9/2016 8:55:38 PM

Valid to:
3/7/2017 1:16:38 PM

Subject:
CN=Cloud Installer, O=Cloud Installer, L=Incline Village, S=Nevada, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
59F80236730E4539

File PE Metadata
Compilation timestamp:
9/7/2016 11:36:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:dwpA+FrjqyGt0YTRzw7n/sM9KVPDf5qjg/WGiM6yl9VXXqThuqw2XT7:WpA+FrjqyCDRzwL/sMGkg/Wbyl9VXXqz

Entry address:
0xA3CCB

Entry point:
E8, E3, C3, 00, 00, E9, A5, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 26, 04, 00, 00, 3B, 0D, 04, 33, 4F, 00, 75, 02, F3, C3, E9, 5A, C4, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, B1, 10, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 93, 06, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 8C, 10, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 8D, 34, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 

Entropy:
6.6089

Code size:
807.5 KB (826,880 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Browser Extensions

Command:
"C:\users\{user}\appdata\roaming\browser extensions\couponshelper.exe"


The file couponshelper.exe has been discovered within the following programs.

Browser Extensions  by Spigot, Inc.
Publisher's description - “The toolbar communicates with our servers from time to time to check for available software updates such as bug fixes, patches, enhanced functions and new versions. By installing the toolbar, you agree to automatically request and receive updates.”
www.spigot.com
66% remove it
 