rbanmzatrg32.exe

Coupoon

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application rbanmzatrg32.exe by Coupoon has been detected as adware by 14 anti-malware scanners. It runs as a Windows service named “rbanmzatrg32”, hosted in its own separate process.
Publisher:
Coupoon  (signed and verified)

MD5:
d7dcd2046a6b3483232128f3db913af1

SHA-1:
0551edd0c9fcd3ed077f1181f2e865d213e9b9db

SHA-256:
417430d264bd14b43129011d73ff810338534d90ddb6cc5dc89132f4296fff33

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/24/2024 3:13:10 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.AdPeak.Y | 567 |
| Baidu Antivirus | Adware.Win32.Adpeak | 4.0.3.15717 |
| Bitdefender | Adware.AdPeak.Y | 1.0.20.990 |
| Emsisoft Anti-Malware | Adware.AdPeak.Y | 8.15.07.17.05 |
| ESET NOD32 | Win32/Adware.Adpeak (variant) | 9.11710 |
| F-Secure | Adware.AdPeak.Y | 11.2015-17-07_6 |
| herdProtect (fuzzy) | | 2015.7.17.20 |
| K7 AntiVirus | Adware | 13.204.16086 |
| Malwarebytes | PUP.Optional.Coupoon.A | v2015.07.17.05 |
| MicroWorld eScan | Adware.AdPeak.Y | 16.0.0.594 |
| nProtect | Adware.AdPeak.Y | 15.05.29.01 |
| Reason Heuristics | PUP.AdPeak.Coupoon | 15.5.8.23 |
| Sophos | Generic PUA FE | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40692 |

File size:
607.8 KB (622,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\015\rbanmzatrg32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/21/2014 9:35:57 AM

Valid to:
11/22/2015 9:35:57 AM

Subject:
E=support@coupoon.org, CN=Coupoon, O=Coupoon, L=Tallahassee, S=FL, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121400C47EC899C3BA485785E2CAB2D79C3

File PE Metadata
Compilation timestamp:
3/22/2015 4:30:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:O1f4iPIGWji/SJZSLhOOvtMkJGTLqMIB0EcF9DM2:O1wseZSLPFMsa+6ZM2

Entry address:
0x12931

Entry point:
E8, 96, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F0, 10, 49, 00, 89, 0D, EC, 10, 49, 00, 89, 15, E8, 10, 49, 00, 89, 1D, E4, 10, 49, 00, 89, 35, E0, 10, 49, 00, 89, 3D, DC, 10, 49, 00, 66, 8C, 15, 08, 11, 49, 00, 66, 8C, 0D, FC, 10, 49, 00, 66, 8C, 1D, D8, 10, 49, 00, 66, 8C, 05, D4, 10, 49, 00, 66, 8C, 25, D0, 10, 49, 00, 66, 8C, 2D, CC, 10, 49, 00, 9C, 8F, 05, 00, 11, 49, 00, 8B, 45, 00, A3, F4, 10, 49, 00, 8B, 45, 04, A3, F8, 10, 49, 00, 8D, 45, 08, A3, 04, 11, 49, 00, 8B...
 

Entropy:
6.3576

Code size:
380 KB (389,120 bytes)

Service
Display name:
rbanmzatrg32

Type:
Win32OwnProcess

