lbvxatjqpw32.exe

Couponarific

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application lbvxatjqpw32.exe by Couponarific has been detected as adware by 16 anti-malware scanners. It runs as a Windows service named “lbvxatjqpw32” in its own separate process.
Publisher:
Couponarific  (signed and verified)

MD5:
94f2db04f90a494821da31952bb537dc

SHA-1:
e6aff4acb468d9b059e24d188eab656ae9ef2f00

SHA-256:
5a118b75b77854543b3001d3973b4b494bc2ad05d8d3eda7e58e399a22ce16f5

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/25/2024 1:26:22 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Adpeak | 7.1.1
AhnLab V3 Security | PUP/Win32.MDA | 2014.12.22
Avira AntiVirus | APPL/Adpeak.682992 | 7.11.197.26
AVG | Generic6 | 2015.0.3253
Clam AntiVirus | Win.Trojan.Adpeak | 0.98/19817
Comodo Security | ApplicUnwnt | 20436
Dr.Web | Trojan.DownLoad3.35130 | 9.0.1.05190
ESET NOD32 | Win32/Adware.Adpeak.Q application | 7.0.302.0
K7 AntiVirus | Unwanted-Program | 13.188.14395
Kaspersky | not-a-virus:AdWare.Win32.AdPeak | 15.0.0.543
McAfee | Trojan.Artemis!94F2DB04F90A | 16.8.708.2
NANO AntiVirus | Trojan.Win32.DownLoad3.djkwer | 0.28.6.64267
Reason Heuristics | PUP.Service.Couponarific.M | 14.12.21.12
Vba32 AntiVirus | AdWare.AdPeak | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 35418
Zillya! Antivirus | Adware.AdPeak.Win32.8 | 2.0.0.2012

File size:
667 KB (682,992 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\010\lbvxatjqpw32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 4:12:43 PM

Valid to:
10/7/2015 4:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
11/26/2014 10:01:35 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:WVq7peS4rDlNOODRcFNxHnalge5w/tv7BaL0Ec/fXH:WM4HO1FzHal5wFvAK/

Entry address:
0x12741

Entry point:
E8, 81, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 60, 4A, 00, 89, 0D, CC, 60, 4A, 00, 89, 15, C8, 60, 4A, 00, 89, 1D, C4, 60, 4A, 00, 89, 35, C0, 60, 4A, 00, 89, 3D, BC, 60, 4A, 00, 66, 8C, 15, E8, 60, 4A, 00, 66, 8C, 0D, DC, 60, 4A, 00, 66, 8C, 1D, B8, 60, 4A, 00, 66, 8C, 05, B4, 60, 4A, 00, 66, 8C, 25, B0, 60, 4A, 00, 66, 8C, 2D, AC, 60, 4A, 00, 9C, 8F, 05, E0, 60, 4A, 00, 8B, 45, 00, A3, D4, 60, 4A, 00, 8B, 45, 04, A3, D8, 60, 4A, 00, 8D, 45, 08, A3, E4, 60, 4A, 00, 8B...
 

Entropy:
6.3545

Code size:
480 KB (491,520 bytes)

Service
Display name:
lbvxatjqpw32

Type:
Win32OwnProcess

