duuwysugju32.exe

Couponarific

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application duuwysugju32.exe by Couponarific has been detected as adware by 16 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “duuwysugju32”.
Publisher:
Couponarific  (signed and verified)

MD5:
3f20673890c685cd93181b46bfe80380

SHA-1:
93cbb90e2617ecff3b4c0bac3d70a41f7dda0de0

SHA-256:
a9d99940531b7f3e207eee311f8f3749a7c81cf5b070c5f871944231c8437c42

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/25/2024 1:21:52 PM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Adpeak | 7.1.1
AhnLab V3 Security | PUP/Win32.MDA | 2014.12.15
Avira AntiVirus | APPL/Adpeak.682992 | 7.11.195.126
AVG | Generic6 | 2015.0.3258
Clam AntiVirus | Win.Trojan.Adpeak | 0.98/21511
Comodo Security | ApplicUnwnt | 20368
Dr.Web | Trojan.DownLoad3.35130 | 9.0.1.0350
ESET NOD32 | Win32/Adware.Adpeak (variant) | 8.10876
K7 AntiVirus | Unwanted-Program | 13.187.14319
Kaspersky | not-a-virus:AdWare.Win32.AdPeak | 14.0.0.2786
McAfee | Artemis!3F20673890C6 | 5600.6914
NANO AntiVirus | Trojan.Win32.DownLoad3.djkwer | 0.28.6.63850
Panda Antivirus | Generic Suspicious | 14.12.16.08
Qihoo 360 Security | HEUR/QVM09.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Service.Couponarific.M | 14.12.16.20
VIPRE Antivirus | Trojan.Win32.Generic | 35722

File size:
667 KB (682,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\010\duuwysugju32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 4:12:43 PM

Valid to:
10/7/2015 4:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
11/26/2014 10:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:sVq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fXx:sM4HO1FzHal5wFvAKJ

Entry address:
0x12741

Entry point:
E8, 81, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 60, 4A, 00, 89, 0D, CC, 60, 4A, 00, 89, 15, C8, 60, 4A, 00, 89, 1D, C4, 60, 4A, 00, 89, 35, C0, 60, 4A, 00, 89, 3D, BC, 60, 4A, 00, 66, 8C, 15, E8, 60, 4A, 00, 66, 8C, 0D, DC, 60, 4A, 00, 66, 8C, 1D, B8, 60, 4A, 00, 66, 8C, 05, B4, 60, 4A, 00, 66, 8C, 25, B0, 60, 4A, 00, 66, 8C, 2D, AC, 60, 4A, 00, 9C, 8F, 05, E0, 60, 4A, 00, 8B, 45, 00, A3, D4, 60, 4A, 00, 8B, 45, 04, A3, D8, 60, 4A, 00, 8D, 45, 08, A3, E4, 60, 4A, 00, 8B...
 

Entropy:
6.3545

Code size:
480 KB (491,520 bytes)

Service
Display name:
duuwysugju32

Type:
Win32OwnProcess

