nsg86fb.tmp.exe

Couponarific

This is the installer for an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application nsg86fb.tmp.exe by Couponarific has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program couponarific by CouponARific, which is a potentially unwanted software program.
Publisher:
Couponarific  (signed and verified)

MD5:
7413779b86fbc878f2a9d073f24b94e7

SHA-1:
be05c85af21db0ef1c4859ee4623723f7d790411

SHA-256:
e3865bde49ca77b4ff3e07ded4694b6c12720dd6df14ce3d8892683ae5b64aa9

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/25/2024 1:40:33 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3266
Kaspersky | not-a-virus:AdWare.Win32.AdPeak | 15.0.0.543
Panda Antivirus | Generic Suspicious | 14.12.08.08
Reason Heuristics | PUP.Couponarific.K | 14.12.10.9
Trend Micro House Call | TROJ_GEN.R08NH07L814 | 7.2.342

File size:
103.4 KB (105,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\nsg86fb.tmp.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 1:12:43 PM

Valid to:
10/7/2015 1:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
10/6/2014 9:40:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:tdxNE+Hb+eyz9zI88fIsuJjvOfMIsozClfjx:tW+7+eM6NUvOftjz+V

Entry address:
0x335A

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, B8, 92, 42, 00, E8, 15, 2F, 00, 00, A3, 04, 92, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, A8, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, 00, 82, 42, 00, E8, 80, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 6E, 2B, 00, 00...
 

Entropy:
7.0885

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file nsg86fb.tmp.exe has been discovered within the following program.

couponarific  by CouponARific
couponarific is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages, or displaying over parts of existing web pages, advertisements, banners, coupons or text links that would not otherwise appear.
83% remove it
 