kzmhgtoyat32.exe

Couponarific

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application kzmhgtoyat32.exe by Couponarific has been detected as adware by 15 anti-malware scanners. It runs in its own process as a Windows service named "kzmhgtoyat32".
Publisher:
Couponarific  (signed and verified)

MD5:
1d097659d9156835d40ad61c54767e7e

SHA-1:
9bf5194ae5debfb392bbfa47d2bec68106e0c6d2

SHA-256:
240e6ad6b827bcc3389ac2cb7ddf6be6713634ec89cafbfaa05f47e8ee6ec3eb

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
11/5/2024 4:35:13 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Adpeak | 7.1.1
AhnLab V3 Security | PUP/Win32.MDA | 2014.12.06
Avira AntiVirus | APPL/Adpeak.682992 | 7.11.193.22
AVG | Generic6 | 2015.0.3258
Dr.Web | Trojan.DownLoad3.35130 | 9.0.1.0350
ESET NOD32 | Win32/Adware.Adpeak (variant) | 8.10834
Fortinet FortiGate | Adware/Adpeak | 12/16/2014
Kaspersky | not-a-virus:AdWare.Win32.AdPeak | 14.0.0.2787
McAfee | Artemis!1D097659D915 | 5600.6914
NANO AntiVirus | Trojan.Win32.DownLoad3.djkwer | 0.28.6.63850
Qihoo 360 Security | HEUR/QVM09.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Service.Couponarific.M | 14.12.16.16
Sophos | Generic PUA JL | 4.98
Trend Micro House Call | TROJ_GEN.R047H07L314 | 7.2.350
VIPRE Antivirus | Trojan.Win32.Generic | 35460

File size:
667 KB (682,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\010\kzmhgtoyat32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 4:12:43 PM

Valid to:
10/7/2015 4:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
11/26/2014 11:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:9Vq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fXs:9M4HO1FzHal5wFvAKk

Entry address:
0x12741

Entry point:
E8, 81, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 60, 4A, 00, 89, 0D, CC, 60, 4A, 00, 89, 15, C8, 60, 4A, 00, 89, 1D, C4, 60, 4A, 00, 89, 35, C0, 60, 4A, 00, 89, 3D, BC, 60, 4A, 00, 66, 8C, 15, E8, 60, 4A, 00, 66, 8C, 0D, DC, 60, 4A, 00, 66, 8C, 1D, B8, 60, 4A, 00, 66, 8C, 05, B4, 60, 4A, 00, 66, 8C, 25, B0, 60, 4A, 00, 66, 8C, 2D, AC, 60, 4A, 00, 9C, 8F, 05, E0, 60, 4A, 00, 8B, 45, 00, A3, D4, 60, 4A, 00, 8B, 45, 04, A3, D8, 60, 4A, 00, 8D, 45, 08, A3, E4, 60, 4A, 00, 8B...
Code size:
480 KB (491,520 bytes)

Service
Display name:
kzmhgtoyat32

Type:
Win32OwnProcess
