shopathome_appcore_7127_c91885524_d1_r92237_b3.exe

ShopAtHome.com (Belcaro Group, Inc)

The application shopathome_appcore_7127_c91885524_d1_r92237_b3.exe by ShopAtHome.com (Belcaro Group, Inc) has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com (Belcaro Group, Inc)  (signed and verified)

MD5:
fe459b4fbf16ac816c7bb089ff8b1ba2

SHA-1:
e1add551d8ee2454139e8b91bec931258b79e909

SHA-256:
743bb2e673b5f1e4416e8e042ad646ec040e07f9707fc16cc831e06205017a66

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:16:39 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.ShopAtHomeBelcaroGroup.o | 14.7.17.10
Sophos | SAHAgent Installer | 4.96

File size:
446.1 KB (456,776 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\shopathome_appcore_7127_c91885524_d1_r92237_b3.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/21/2013 7:00:00 PM

Valid to:
6/6/2014 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc)", O="ShopAtHome.com (Belcaro Group, Inc)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
05AACC1DBAF989DD6997926C9649BAEF

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ze34/nVTvjHPTDX+k4U7G0i7dge6XWqPC80RpwFHA3ZZHvjHPTDX+kOi7C:lVXJG02dgSqPF0RiNA/U2C

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.4307

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file shopathome_appcore_7127_c91885524_d1_r92237_b3.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,045 download URLs