shopathomewatcher.exe

ShopAtHome.com (Belcaro Group, Inc)

The application shopathomewatcher.exe by ShopAtHome.com (Belcaro Group, Inc) has been detected as a potentially unwanted program by 4 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ShopAtHomeWatcher’. This file is typically installed with the program ShopAtHome.com Helper by Belcaro Group Inc. which is a potentially unwanted software program.
Publisher:
ShopAtHome.com (Belcaro Group, Inc)  (signed and verified)

MD5:
ce215742ba0a6bb1bad9902b5753f657

SHA-1:
db1bc908c0a871d6e85137de03010c32b9b24dfc

SHA-256:
d7d1e8edafd0478c79b9f0750468a06d6e01d41dbbed12b548b0d34fbb522a52

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
1/15/2025 6:10:07 AM UTC

Scan engine          Detection                                   Engine version
Boost by Reason      Optional.Startup.ShopAtHomeBelcaroGroup.R   188838
Reason Heuristics    PUP.Startup.ShopAtHomeBelcaroGroup.R        14.7.17.10
Sophos               SAHAgent                                    4.96
Vba32 AntiVirus      Signed-Adware.Sahat                         3.12.24.3

File size:
117.1 KB (119,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/22/2013 4:30:00 AM

Valid to:
6/7/2014 4:29:59 AM

Subject:
CN="ShopAtHome.com (Belcaro Group, Inc)", O="ShopAtHome.com (Belcaro Group, Inc)", L=Greenwood Village, S=Colorado, C=US, SERIALNUMBER=19871692567, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Colorado, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
05AACC1DBAF989DD6997926C9649BAEF

File PE Metadata
Compilation timestamp:
6/12/2013 9:35:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:p8rQj+jl++3bJHDBPmYHpKz+JpnGUQFKlRWar/KPnkzM1u5gUndBX2R19aDYz7Ko:lyOcpKC/1RWQKPVuLX2j9iYz7Ba8H

Entry address:
0x6998

Entry point:
E8, 78, 55, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, E0, E3, 41, 00, 00, 74, 05, E9, D4, 55, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83...
 

Entropy:
6.4848

Code size:
80.5 KB (82,432 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ShopAtHomeWatcher

Command:
C:\users\{user}\appdata\roaming\shopathome\shopathomehelper\shopathomewatcher.exe


The file shopathomewatcher.exe has been discovered within the following program.

ShopAtHome.com Helper  by Belcaro Group Inc.
This is the helper application that is installed with the ShopAtHome Toolbar (Browser App).
www.shopathome.com
68% remove it
 