ShoppingSidekick_ca.exe

Shopping Sidekick

Excellent Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application ShoppingSidekick_ca.exe, “Shopping Sidekick Installer” by Excellent Apps, has been detected as adware by 13 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software. The web browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks, and affiliate links.
Publisher:
215 Apps  (signed by Excellent Apps)

Product:
Shopping Sidekick

Description:
Shopping Sidekick Installer

Version:
1.24.151.151

MD5:
6d982afcd65896d619695f81b65c5227

SHA-1:
41f4ff50bc148d4b4a1a694c4ab44f97b6139add

SHA-256:
a414fec10222e4eeeae8c98f2af7c4bea9ea9f7ad6b3a671d8913d7805cda6cc

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
12/25/2024 12:36:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | NSIS:Dropper-GM [Drp] | 2014.9-130829 |
| Baidu Antivirus | Trojan.Win32.Packed | 4.0.3.131126 |
| Bkav FE | HW32.CDB | 1.3.0.4613 |
| Boost by Reason | Optional.ExcellentApps.T | 188838 |
| Comodo Security | Heur.Suspicious | 17432 |
| Dr.Web | Adware.Plugin.22 | 9.0.1.0241 |
| ESET NOD32 | Win32/Toolbar.CrossRider | 7.9170 |
| Malwarebytes | PUP.215Apps | v2013.08.29.12 |
| McAfee | Artemis!6D982AFCD658 | 5600.7181 |
| Reason Heuristics | PUP.Installer.ExcellentApps.T | 14.8.7.17 |
| Sophos | Generic PUA EL | 4.91 |
| Trend Micro House Call | TROJ_GEN.RCBH1LH | 7.2.241 |
| VIPRE Antivirus | GamePlayLabs | 24320 |

File size:
2.3 MB (2,438,552 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\shoppingsidekick_ca.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 5:00:00 PM

Valid to:
8/29/2013 4:59:59 PM

Subject:
CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata
Compilation timestamp:
1/5/2010 4:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:pvw4zQHzsW4KMLe5nivkDC3gueD4EkqLns9+ou7x/3ttRH:hzfKnCwueD4XX9qxfh

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 

Entropy:
7.9883  (probably packed)

Code size:
33 KB (33,792 bytes)

The file ShoppingSidekick_ca.exe has been seen being distributed by the following URL.
