ShopAtHomeHelper.exe

ShopAtHome.com Browser App

ShopAtHome.com (Belcaro Group, Inc)

The application ShopAtHomeHelper.exe, “ShopAtHome.com Cash Back Helper” by ShopAtHome.com (Belcaro Group, Inc) has been detected as a potentially unwanted program by 4 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program. While running, it connects to the Internet address 199.83.132.126.ip.incapdns.net on port 80 using the HTTP protocol.
Publisher:
ShopAtHome.com  (signed by ShopAtHome.com (Belcaro Group, Inc))

Product:
ShopAtHome.com Browser App

Description:
ShopAtHome.com Cash Back Helper

Version:
1.0.0.1

MD5:
173f22783e1c33aa5d9c2eabba84de47

SHA-1:
5d91c2b2755c941f90b99f573aa5344e64443ddc

SHA-256:
fc615fbdb363cb27940f917da6eb4b15c001c691b55ac87be14091e4c86a0b6f

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 8:32:35 PM UTC

Scan engine | Detection | Engine version
Boost by Reason | Optional.ShopAtHomeBelcaroGroup.Q | 188838
Reason Heuristics | PUP.ShopAtHomeBelcaroGroup.Q | 14.7.17.10
Sophos | SAHAgent | 4.97
Trend Micro House Call | TROJ_GEN.F47V0106 | 7.2.109

File size:
1.2 MB (1,288,848 bytes)

Product version:
1.0.0.1

Copyright:
(c) ShopAtHome.com. All rights reserved.

Original file name:
ShopAtHomeHelper.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomehelper.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/21/2013 8:00:00 PM

Valid to:
6/6/2014 7:59:59 PM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc)", O="ShopAtHome.com (Belcaro Group, Inc)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
05AACC1DBAF989DD6997926C9649BAEF

File PE Metadata
Compilation timestamp:
6/12/2013 1:06:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:r8KUCoOGAD7unFJOf8wORpzov54vAbmPiIwr:rbZnGAvunC8wORpu54vAbmPPwr

Entry address:
0x8962F

Entry point:
E8, 4D, BA, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, B4, E9, 51, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 84, B0, 4D, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...

Entropy:
6.5111

Code size:
868.5 KB (889,344 bytes)

The file ShopAtHomeHelper.exe has been discovered within the following program.

ShopAtHome.com Helper by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 199.83.132.126.ip.incapdns.net  (199.83.132.126:80)

TCP (HTTP):
Connects to 107.154.109.91.ip.incapdns.net  (107.154.109.91:80)
