» duuwysugju32.exe
Overview
Analysis
File Details
Behaviors (1)

duuwysugju32.exe

Couponarific

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application duuwysugju32.exe by Couponarific has been detected as adware by 16 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “duuwysugju32”.

File name:

duuwysugju32.exe

Publisher:

Couponarific (signed and verified)

MD5:

3f20673890c685cd93181b46bfe80380

SHA-1:

93cbb90e2617ecff3b4c0bac3d70a41f7dda0de0

SHA-256:

a9d99940531b7f3e207eee311f8f3749a7c81cf5b070c5f871944231c8437c42

Scanner detections:

16 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:

11/5/2024 4:40:28 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Adpeak

7.1.1

AhnLab V3 Security

PUP/Win32.MDA

2014.12.15

Avira AntiVirus

APPL/Adpeak.682992

7.11.195.126

AVG

Generic6

2015.0.3258

Clam AntiVirus

Win.Trojan.Adpeak

0.98/21511

Comodo Security

ApplicUnwnt

20368

Dr.Web

Trojan.DownLoad3.35130

9.0.1.0350

ESET NOD32

Win32/Adware.Adpeak (variant)

8.10876

K7 AntiVirus

Unwanted-Program

13.187.14319

Kaspersky

not-a-virus:AdWare.Win32.AdPeak

14.0.0.2786

McAfee

Artemis!3F20673890C6

5600.6914

NANO AntiVirus

Trojan.Win32.DownLoad3.djkwer

0.28.6.63850

Panda Antivirus

Generic Suspicious

14.12.16.08

Qihoo 360 Security

HEUR/QVM09.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Service.Couponarific.M

14.12.16.20

VIPRE Antivirus

Trojan.Win32.Generic

35722

File size:

667 KB (682,992 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\010\duuwysugju32.exe

Digital Signature

Signed by:

Couponarific

Authority:

GlobalSign nv-sa

Valid from:

10/6/2014 4:12:43 PM

Valid to:

10/7/2015 4:12:43 PM

Subject:

E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D5217FDB68336D578AC0747743835652

File PE Metadata

Compilation timestamp:

11/26/2014 10:01:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

CTPH (ssdeep):

12288:sVq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fXx:sM4HO1FzHal5wFvAKJ

Entry address:

0x12741

Entry point:

E8, 81, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 60, 4A, 00, 89, 0D, CC, 60, 4A, 00, 89, 15, C8, 60, 4A, 00, 89, 1D, C4, 60, 4A, 00, 89, 35, C0, 60, 4A, 00, 89, 3D, BC, 60, 4A, 00, 66, 8C, 15, E8, 60, 4A, 00, 66, 8C, 0D, DC, 60, 4A, 00, 66, 8C, 1D, B8, 60, 4A, 00, 66, 8C, 05, B4, 60, 4A, 00, 66, 8C, 25, B0, 60, 4A, 00, 66, 8C, 2D, AC, 60, 4A, 00, 9C, 8F, 05, E0, 60, 4A, 00, 8B, 45, 00, A3, D4, 60, 4A, 00, 8B, 45, 04, A3, D8, 60, 4A, 00, 8D, 45, 08, A3, E4, 60, 4A, 00, 8B... 
[+]

Entropy:

6.3545

Code size:

480 KB (491,520 bytes)

Service

Display name:

duuwysugju32

Type:

Win32OwnProcess

Remove duuwysugju32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.