rbm.exe

Couponarific

This is the installer for an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application rbm.exe by Couponarific has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory.
Publisher:
Couponarific  (signed and verified)

MD5:
e38e5ba493510c264b0493a2ac4f5e19

SHA-1:
105fe491e7cc152796fcf3330ac94683ca0098c4

SHA-256:
9b15be14cae9ebec7470c2c7864186211ac6c7f3b47b50f9220b8424a4a7dbcb

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/25/2024 1:02:25 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Generic.1033634
530

Agnitum Outpost
PUA.Adpeak
7.1.1

Avira AntiVirus
APPL/Adpeak.682992
7.11.200.132

avast!
Win32:Adware-CCW [PUP]
2014.9-150823

AVG
Generic6
2016.0.3008

Baidu Antivirus
Adware.Win32.Adpeak
4.0.3.15823

Bitdefender
Application.Generic.1033634
1.0.20.1175

Clam AntiVirus
Win.Trojan.Adpeak
0.98/21511

Comodo Security
ApplicUnwnt
20673

Dr.Web
Trojan.DownLoad3.35130
9.0.1.0235

ESET NOD32
Win32/Adware.Adpeak (variant)
9.10996

Fortinet FortiGate
Adware/Adpeak
8/23/2015

F-Secure
Application.Generic.1033634
11.2015-23-08_1

G Data
Application.Generic.1033634
15.8.24

K7 AntiVirus
Unwanted-Program
13.190.14603

Kaspersky
not-a-virus:AdWare.Win32.AdPeak
14.0.0.1536

McAfee
Artemis!E38E5BA49351
5600.6664

Microsoft Security Essentials
Adware:Win32/Couponarific
1.11302

MicroWorld eScan
Application.Generic.1033634
16.0.0.705

NANO AntiVirus
Trojan.Win32.DownLoad3.djkwer
0.30.0.64448

Panda Antivirus
Generic Suspicious
15.08.23.05

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Quick Heal
Adware.Adpeak.r3 (Not a Virus)
8.15.14.00

Reason Heuristics
PUP.Adpeak.Couponarific.Installer (M)
15.8.23.17

Rising Antivirus
PE:AdWare.Win32.Adpeak.d!1075356118
23.00.65.15821

Sophos
Generic PUA HC
4.98

Trend Micro House Call
TROJ_GEN.R02SC0DA215
7.2.235

Trend Micro
TROJ_GEN.R02SC0DA215
10.465.23

Vba32 AntiVirus
AdWare.AdPeak
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36560

File size:
346 KB (354,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\rbm.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/6/2014 5:12:43 PM

Valid to:
10/7/2015 5:12:43 PM

Subject:
E=support@couponarific.com, CN=Couponarific, O=Couponarific, L=Seattle, S=WA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D5217FDB68336D578AC0747743835652

File PE Metadata
Compilation timestamp:
10/7/2014 1:40:14 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:joGzI1XFSHcgdgIk4PQE4XAgJaIRBcHo+rSN6jT35zognxPGbL5G2Q6Xt3HM0bb2:jbY4dVki4QcEV2E33tognOHB980tUb

Entry address:
0x31FF

Entry point:
81, EC, D8, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 09, A3, 78, 92, 42, 00, E8, FD, 2E, 00, 00, A3, C4, 91, 42, 00, 55, 8D, 44, 24, 38, 68, B4, 02, 00, 00, 50, 55, 68, 70, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, C0, 81, 42, 00, E8, 68, 2B, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 56, 2B, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
