shoppinhelper_0407-04563c15.exe

SH2

The application shoppinhelper_0407-04563c15.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer; however, the file is not signed with an Authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.
Publisher:
SH2

Product:
SH2

Version:
1.0

MD5:
9ebcee19f47e190e4845c706c960d3ff

SHA-1:
e7856f7998eb9817590a0d8f888922f4540f3629

SHA-256:
c0ba4626bf927988c666816ddb9ca4da70cfd5db6c8306c1d1e7a59c688ffaec

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/24/2024 3:00:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.ShoppingHelper.A | 853 |
| Agnitum Outpost | PUA.OutBrowse | 7.1.1 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140705 |
| Baidu Antivirus | PUA.Win32.OutBrowse | 4.0.3.14105 |
| ESET NOD32 | Win32/OutBrowse.AI (variant) | 8.10333 |
| F-Prot | W32/Outbrowse.B2.gen | v6.4.7.1.166 |
| Malwarebytes | PUP.Optional.ShoppingHelper.A | v2014.10.05.08 |
| McAfee | Artemis!9EBCEE19F47E | 5600.6987 |
| MicroWorld eScan | Application.Bundler.ShoppingHelper.A | 15.0.0.834 |
| NANO AntiVirus | Trojan.Win32.Generic.dbxkzp | 0.28.0.60577 |
| Norman | Suspicious_Gen4.GTZVJ | 11.20141005 |
| Panda Antivirus | Trj/Chgt.D | 14.10.05.08 |
| Qihoo 360 Security | Win32/Trojan.Dropper.c9f | 1.0.0.1015 |
| Trend Micro House Call | Suspici.BBAC4570 | 7.2.278 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32642 |

File size:
10.2 MB (10,738,096 bytes)

Copyright:
© SH2

Trademarks:
SH2

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\shoppinhelper_0407-04563c15.exe

File PE Metadata
Compilation timestamp:
12/6/2009 8:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:I1HcSho2kqSDSXx7WJZxhk+3FDqmCoxNu1ba7d9WPgqt:I+ioG0Ux7WJZPF2yHCbR

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9993

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file shoppinhelper_0407-04563c15.exe has been seen being distributed by the following 2 URLs.

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/ShoppingHelperOutBrowse/.../ShoppinHelper2_Setup1-7.exe
