suf80_launch.exe

Coupon Printer

Coupons, Inc.

The application suf80_launch.exe, “Coupon Printer Installer” by Coupons has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. This file is typically installed with the program Coupon Printer for Windows by Coupons.com Incorporated which is a potentially unwanted software program. The file has been seen being downloaded from d183lg3a4tds83.cloudfront.net and multiple other hosts.
Publisher:
Coupons.com Incorporated  (signed by Coupons, Inc.)

Product:
Coupon Printer

Description:
Coupon Printer Installer

Version:
5.0.0.3

MD5:
d9e4f5aa74e6c6bafd3ddc7bf54cf929

SHA-1:
e365dc5592ef01431b493d29943710a7c403a975

SHA-256:
a78c05c8f96561dbd97c919133f7a21aa8767c46c4c20285673bb16175bd6185

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 5:22:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.Coupons.M
14.2.26.9

Trend Micro House Call
TROJ_GEN.F47V0918
7.2.42

File size:
1.8 MB (1,858,464 bytes)

Product version:
5.0.0.3

Copyright:
Copyright © 2013 by Coupons.com Incorporated

Original file name:
suf80_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\suf80_launch.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/17/2012 8:00:00 PM

Valid to:
10/17/2015 7:59:59 PM

Subject:
CN="Coupons, Inc.", OU=Coupons.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Coupons, Inc.", L=Palo Alto, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3B0915310C9D42DC14785EF80FDBA531

File PE Metadata
Compilation timestamp:
6/22/2010 9:31:07 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:3z3/TOMs8RVFXqn3QEnE3vrV3ZEPGuXc1OS4pM8QNTp8n+gQXPARaa2w3ErQ:j3LW8RVtn5v5GPzQOzQUVQ/wR2oE0

Entry address:
0x3079

Entry point:
E8, FB, 2E, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 04, 89, 7D, FC, 8B, 7D, 08, 8B, 4D, 0C, C1, E9, 07, 66, 0F, EF, C0, EB, 08, 8D, A4, 24, 00, 00, 00, 00, 90, 66, 0F, 7F, 07, 66, 0F, 7F, 47, 10, 66, 0F, 7F, 47, 20, 66, 0F, 7F, 47, 30, 66, 0F, 7F, 47, 40, 66, 0F, 7F, 47, 50, 66, 0F, 7F, 47, 60, 66, 0F, 7F, 47, 70, 8D, BF, 80, 00, 00, 00, 49, 75, D0, 8B, 7D, FC, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, 89, 7D, FC, 8B, 45, 08, 99, 8B, F8, 33, FA, 2B, FA, 83, E7, 0F, 33, FA, 2B, FA, 85, FF, 75, 3C, 8B...
 
[+]

Entropy:
7.9413  (probably packed)

Code size:
32 KB (32,768 bytes)

The file suf80_launch.exe has been discovered within the following program.

Coupon Printer for Windows  by Coupons.com Incorporated
Coupon Printer for Windows is software that allows users to build and print coupons that will be accepted at retail stores from Coupons.com. The printer application also bundles the CouponBar, a web browser toolbar.
www.coupons.com
69% remove it
 
Powered by Should I Remove It?

The file suf80_launch.exe has been seen being distributed by the following 8 URLs.

http://d183lg3a4tds83.cloudfront.net/bundles/.../setup_file.exe

Remove suf80_launch.exe - Powered by Reason Core Security