» shoppinhelper_0407-04563c15.exe
Overview
Analysis
File Details
Downloads (2)

shoppinhelper_0407-04563c15.exe

SH2

The application shoppinhelper_0407-04563c15.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.

File name:

Publisher:

SH2

Product:

SH2

Version:

1.0

MD5:

9ebcee19f47e190e4845c706c960d3ff

SHA-1:

e7856f7998eb9817590a0d8f888922f4540f3629

SHA-256:

c0ba4626bf927988c666816ddb9ca4da70cfd5db6c8306c1d1e7a59c688ffaec

Scanner detections:

15 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

11/23/2024 10:17:23 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.ShoppingHelper.A

853

Agnitum Outpost

PUA.OutBrowse

7.1.1

avast!

Win32:Dropper-gen [Drp]

2014.9-140705

Baidu Antivirus

PUA.Win32.OutBrowse

4.0.3.14105

ESET NOD32

Win32/OutBrowse.AI (variant)

8.10333

F-Prot

W32/Outbrowse.B2.gen

v6.4.7.1.166

Malwarebytes

PUP.Optional.ShoppingHelper.A

v2014.10.05.08

McAfee

Artemis!9EBCEE19F47E

5600.6987

MicroWorld eScan

Application.Bundler.ShoppingHelper.A

15.0.0.834

NANO AntiVirus

Trojan.Win32.Generic.dbxkzp

0.28.0.60577

Norman

Suspicious_Gen4.GTZVJ

11.20141005

Panda Antivirus

Trj/Chgt.D

14.10.05.08

Qihoo 360 Security

Win32/Trojan.Dropper.c9f

1.0.0.1015

Trend Micro House Call

Suspici.BBAC4570

7.2.278

VIPRE Antivirus

Trojan.Win32.Generic

32642

File size:

10.2 MB (10,738,096 bytes)

Trademarks:

SH2

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\shoppinhelper_0407-04563c15.exe

File PE Metadata

Compilation timestamp:

12/6/2009 8:50:52 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

196608:I1HcSho2kqSDSXx7WJZxhk+3FDqmCoxNu1ba7d9WPgqt:I+ioG0Ux7WJZPF2yHCbR

Entry address:

0x30FA

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.9993

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file shoppinhelper_0407-04563c15.exe has been seen being distributed by the following 2 URLs.

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/ShoppingHelperOutBrowse/.../ShoppinHelper2_Setup1-7.exe

http://cdn.file2desktop.com/.../ShoppinHelper2_Setup1-7.exe

Remove shoppinhelper_0407-04563c15.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.