nov26adk_20141201.exe

Couponarific

This is the installer for an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application nov26adk_20141201.exe by Couponarific has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
Couponarific  (signed and verified)

MD5:
835251c871a7a05d85c0c54d618a4d62

SHA-1:
814c3b109d29888bc3cd170bc1348e272b035d21

SHA-256:
19c1bccb08d7ad92f80970175da477b12f61e5b51360fb69664971368d64d363

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/25/2024 1:14:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Adpeak | 7.1.1 |
| Avira AntiVirus | APPL/Adpeak.682992 | 7.11.195.144 |
| AVG | Generic6 | 2015.0.3259 |
| Clam AntiVirus | Win.Trojan.Adpeak | 0.98/21511 |
| Dr.Web | Trojan.DownLoad3.35130 | 9.0.1.0350 |
| ESET NOD32 | Win32/Adware.Adpeak (variant) | 8.10877 |
| Fortinet FortiGate | Adware/Adpeak | 12/16/2014 |
| K7 AntiVirus | Unwanted-Program | 13.187.14332 |
| Kaspersky | not-a-virus:AdWare.Win32.AdPeak | 14.0.0.2789 |
| McAfee | Artemis!835251C871A7 | 5600.6915 |
| NANO AntiVirus | Trojan.Win32.DownLoad3.djkwer | 0.28.6.63850 |
| Panda Antivirus | Generic Suspicious | 14.12.16.05 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Couponarific.R | 14.12.16.5 |
| Sophos | Generic PUA MO | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1201 | 7.2.350 |
| Trend Micro | ADW_ADPEAK | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35736 |
| Zillya! Antivirus | Adware.AdPeak.Win32.5 | 2.0.0.2006 |

File size:
346.1 KB (354,360 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\nov26adk_20141201.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 10:12:43 PM

Valid to:
10/7/2015 10:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
10/7/2014 6:40:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ooGzI1XcZfwYjkKPfoFLYbjjp/VCmqsxLUx4jyBzX76V1tpnLODIcoUg:obVdweFfmlsxICj2zOVPQD+Ug

Entry address:
0x31FF

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, 78, 92, 42, 00, E8, FD, 2E, 00, 00, A3, C4, 91, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 70, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, C0, 81, 42, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
