shopathome_app_7.10.6.8_c105981448_d1_r1066654.exe

ShopAtHome.com (Belcaro Group, Inc.)

The application shopathome_app_7.10.6.8_c105981448_d1_r1066654.exe by ShopAtHome.com (Belcaro Group, Inc.) has been detected as a potentially unwanted program by 8 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

MD5:
502bc04b3c7396d323917cc6675e53ae

SHA-1:
84593de0533d46ebb9b5164a70545df332b1ec7d

SHA-256:
f41483a546a6aca896e3d032eba002d5ed7a5b0282fd900d4c9de24c7cb3cd50

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:37:23 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.3132 |
| G Data | Win32.Adware.ShopAtHome | 15.4.25 |
| K7 AntiVirus | Riskware | 13.203.15666 |
| McAfee | Artemis!502BC04B3C73 | 5600.6788 |
| Reason Heuristics | PUP.ShopAtHome.Installer | 15.4.22.7 |
| Sophos | SAHAgent | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0404 | 7.2.112 |
| VIPRE Antivirus | ShopAtHome | 39554 |

File size:
832.2 KB (852,136 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\pyn9vynu\shopathome_app_7.10.6.8_c105981448_d1_r1066654.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 8:00:00 PM

Valid to:
6/28/2017 7:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
2/24/2012 2:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xmH8iPuzwKDp77Y0BAQm6S2mQrvERXM4RD5Fvr3nJkPobadL2:xmHt2RC0CQVmQr2M4RD5FSPUSL2

Entry address:
0x3814

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 70, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 58, 89, 44, 00, E8, FA, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 68, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, 1F, 8B, 40, 00, FF, 15, 70, 81, 40, 00, 68, 14, 8B, 40, 00, 68, 60, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, AC, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...
 

Entropy:
7.8462

Packer / compiler:
Nullsoft install system v2.x

Code size:
27 KB (27,648 bytes)

The file shopathome_app_7.10.6.8_c105981448_d1_r1066654.exe has been seen distributed from 50 URLs.
