shopathome_appcore_7127_c96684475_d1_r1046935_b3.exe

ShopAtHome.com (Belcaro Group, Inc.)

The application shopathome_appcore_7127_c96684475_d1_r1046935_b3.exe by ShopAtHome.com (Belcaro Group, Inc.) has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from toolbar.shopathome.com and multiple other hosts.
Publisher:
ShopAtHome.com (Belcaro Group, Inc.)  (signed and verified)

MD5:
338d00098ffe4f11919168a9cdccefd7

SHA-1:
ae09c07ea89d4a17366f699ca2d1ba37af31c598

SHA-256:
e285af0e86d5d42d605c47f7045d246d38d1bb583bd0150ff720a6957b4c9503

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:56:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3335 |
| McAfee | Artemis!338D00098FFE | 5600.6991 |
| Reason Heuristics | PUP.ShopAtHomeBelcaroGroup.q | 14.9.30.21 |
| Sophos | SAHAgent Installer | 4.98 |
| VIPRE Antivirus | ShopAtHome | 33554 |

File size:
446.1 KB (456,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\shopathome_appcore_7127_c96684475_d1_r1046935_b3.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/4/2014 7:00:00 PM

Valid to:
6/28/2017 6:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc.)", OU=IT, O="ShopAtHome.com (Belcaro Group, Inc.)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
38E3C208FF559249F35DC2BBDA16136B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ie34/nVTvjHPTDX+k4U7G0i7dge6XWqPC80RpwFHA3ZZHvjHPTDX+kOi71:SVXJG02dgSqPF0RiNA/U21

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.4308

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file shopathome_appcore_7127_c96684475_d1_r1046935_b3.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,028 download URLs