kzmhgtoyat32.exe

Couponarific

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application kzmhgtoyat32.exe by Couponarific has been detected as adware by 15 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “kzmhgtoyat32”.
Publisher:
Couponarific  (signed and verified)

MD5:
1d097659d9156835d40ad61c54767e7e

SHA-1:
9bf5194ae5debfb392bbfa47d2bec68106e0c6d2

SHA-256:
240e6ad6b827bcc3389ac2cb7ddf6be6713634ec89cafbfaa05f47e8ee6ec3eb

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:
12/25/2024 1:25:36 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Adpeak
7.1.1

AhnLab V3 Security
PUP/Win32.MDA
2014.12.06

Avira AntiVirus
APPL/Adpeak.682992
7.11.193.22

AVG
Generic6
2015.0.3258

Dr.Web
Trojan.DownLoad3.35130
9.0.1.0350

ESET NOD32
Win32/Adware.Adpeak (variant)
8.10834

Fortinet FortiGate
Adware/Adpeak
12/16/2014

Kaspersky
not-a-virus:AdWare.Win32.AdPeak
14.0.0.2787

McAfee
Artemis!1D097659D915
5600.6914

NANO AntiVirus
Trojan.Win32.DownLoad3.djkwer
0.28.6.63850

Qihoo 360 Security
HEUR/QVM09.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Service.Couponarific.M
14.12.16.16

Sophos
Generic PUA JL
4.98

Trend Micro House Call
TROJ_GEN.R047H07L314
7.2.350

VIPRE Antivirus
Trojan.Win32.Generic
35460

File size:
667 KB (682,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\010\kzmhgtoyat32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 4:12:43 PM

Valid to:
10/7/2015 4:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
11/26/2014 11:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:9Vq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fXs:9M4HO1FzHal5wFvAKk

Entry address:
0x12741

Entry point:
E8, 81, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 60, 4A, 00, 89, 0D, CC, 60, 4A, 00, 89, 15, C8, 60, 4A, 00, 89, 1D, C4, 60, 4A, 00, 89, 35, C0, 60, 4A, 00, 89, 3D, BC, 60, 4A, 00, 66, 8C, 15, E8, 60, 4A, 00, 66, 8C, 0D, DC, 60, 4A, 00, 66, 8C, 1D, B8, 60, 4A, 00, 66, 8C, 05, B4, 60, 4A, 00, 66, 8C, 25, B0, 60, 4A, 00, 66, 8C, 2D, AC, 60, 4A, 00, 9C, 8F, 05, E0, 60, 4A, 00, 8B, 45, 00, A3, D4, 60, 4A, 00, 8B, 45, 04, A3, D8, 60, 4A, 00, 8D, 45, 08, A3, E4, 60, 4A, 00, 8B...
 
[+]

Code size:
480 KB (491,520 bytes)

Service
Display name:
kzmhgtoyat32

Type:
Win32OwnProcess


Remove kzmhgtoyat32.exe - Powered by Reason Core Security