» nov26adk_20141201.exe
Overview
Analysis
File Details

nov26adk_20141201.exe

Couponarific

This is the instaler for an an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application nov26adk_20141201.exe by Couponarific has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.

File name:

Publisher:

Couponarific (signed and verified)

MD5:

835251c871a7a05d85c0c54d618a4d62

SHA-1:

814c3b109d29888bc3cd170bc1348e272b035d21

SHA-256:

19c1bccb08d7ad92f80970175da477b12f61e5b51360fb69664971368d64d363

Scanner detections:

19 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:

11/5/2024 4:33:49 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Adpeak

7.1.1

Avira AntiVirus

APPL/Adpeak.682992

7.11.195.144

AVG

Generic6

2015.0.3259

Clam AntiVirus

Win.Trojan.Adpeak

0.98/21511

Dr.Web

Trojan.DownLoad3.35130

9.0.1.0350

ESET NOD32

Win32/Adware.Adpeak (variant)

8.10877

Fortinet FortiGate

Adware/Adpeak

12/16/2014

K7 AntiVirus

Unwanted-Program

13.187.14332

Kaspersky

not-a-virus:AdWare.Win32.AdPeak

14.0.0.2789

McAfee

Artemis!835251C871A7

5600.6915

NANO AntiVirus

Trojan.Win32.DownLoad3.djkwer

0.28.6.63850

Panda Antivirus

Generic Suspicious

14.12.16.05

Qihoo 360 Security

HEUR/QVM42.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Couponarific.R

14.12.16.5

Sophos

Generic PUA MO

4.98

Trend Micro House Call

Suspicious_GEN.F47V1201

7.2.350

Trend Micro

ADW_ADPEAK

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

35736

Zillya! Antivirus

Adware.AdPeak.Win32.5

2.0.0.2006

File size:

346.1 KB (354,360 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\nov26adk_20141201.exe

Digital Signature

Signed by:

Couponarific

Authority:

GlobalSign nv-sa

Valid from:

10/6/2014 10:12:43 PM

Valid to:

10/7/2015 10:12:43 PM

Subject:

E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121D5217FDB68336D578AC0747743835652

File PE Metadata

Compilation timestamp:

10/7/2014 6:40:14 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:ooGzI1XcZfwYjkKPfoFLYbjjp/VCmqsxLUx4jyBzX76V1tpnLODIcoUg:obVdweFfmlsxICj2zOVPQD+Ug

Entry address:

0x31FF

Entry point:

81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, 78, 92, 42, 00, E8, FD, 2E, 00, 00, A3, C4, 91, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 70, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, C0, 81, 42, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 56, 2B, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

Remove nov26adk_20141201.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.