home

selectrebates.exe

ShopAtHome.com

The application selectrebates.exe by ShopAtHome.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SelectRebates’. Additionally, the file is typically installed by a number of programs including ShopAtHome SelectRebates by Select Rebates and ShopAtHome.com Toolbar by Belcaro Group Inc., both potentially unwanted software.
Publisher:
ShopAtHome.com  (signed and verified)

Version:
5, 2, 0, 0

MD5:
0bf024e4f8fc508acfed092399f0fb4c

SHA-1:
72f7ba26720fa662bd36586390d08eb2a963f407

SHA-256:
e1ebf07d8cc5205aaea6487e3041d94cccbc68361bf92de208f37f42aea232f8

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/16/2024 12:17:59 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ShopAtHome (M)
17.3.14.7

File size:
866 KB (886,752 bytes)

Product version:
5, 2, 0, 0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\selectrebates\selectrebates.exe

Digital Signature
Signed by:
ShopAtHome.com

Authority:
VeriSign, Inc.

Valid from:
5/25/2010 5:00:00 PM

Valid to:
6/21/2013 4:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
063168411F371B898EE763E4858518C4

File PE Metadata
Compilation timestamp:
11/1/2010 1:29:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x6D4A4

Entry point:
55, 8B, EC, 6A, FF, 68, 88, 43, 48, 00, 68, 02, D6, 46, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 78, B7, 47, 00, 59, 83, 0D, 08, A8, 4B, 00, FF, 83, 0D, 0C, A8, 4B, 00, FF, FF, 15, 74, B7, 47, 00, 8B, 0D, EC, A7, 4B, 00, 89, 08, FF, 15, 70, B7, 47, 00, 8B, 0D, E8, A7, 4B, 00, 89, 08, A1, A8, B6, 47, 00, 8B, 00, A3, 04, A8, 4B, 00, E8, 40, 01, 00, 00, 39, 1D, 18, B7, 4A, 00, 75, 0C, 68, 50, D6, 46, 00, FF, 15, E8, B5...
 
[+]

Entropy:
6.2078

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
487 KB (498,688 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SelectRebates

Command:
C:\Program Files\selectrebates\selectrebates.exe


The file selectrebates.exe has been discovered within the following programs.

ShopAtHome SelectRebates  by Select Rebates
ShopAtHome SelectRebates is a potentially unwanted browser hijacker that runs in the web browser as a toolbar and web extension.
81% remove it
ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 
Powered by Should I Remove It?

Remove selectrebates.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.