tpydklloou32.exe

Coupoon

Part of an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application tpydklloou32.exe by Coupoon has been detected as adware by 14 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “tpydklloou32”.
Publisher:
Coupoon  (signed and verified)

MD5:
6d97c8a655bfdbe696e7346bd1621089

SHA-1:
66487afd98fe6e17bde21ad847ae74647309fa49

SHA-256:
85fecc642cdc424a8c8b68e06934abd8ded3c1f194b64e18c66549888c5f4373

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
12/24/2024 4:11:53 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.AdPeak.Y | 569 |
| Baidu Antivirus | Adware.Win32.Adpeak | 4.0.3.15413 |
| Bitdefender | Adware.AdPeak.Y | 1.0.20.980 |
| Emsisoft Anti-Malware | Adware.AdPeak.Y | 8.15.07.17.05 |
| ESET NOD32 | Win32/Adware.Adpeak (variant) | 9.11710 |
| F-Secure | Adware.AdPeak.Y | 11.2015-15-07_4 |
| herdProtect (fuzzy) | | 2015.7.15.17 |
| K7 AntiVirus | Adware | 13.204.16086 |
| Malwarebytes | PUP.Optional.Coupoon.A | v2015.07.15.05 |
| MicroWorld eScan | Adware.AdPeak.Y | 16.0.0.588 |
| nProtect | Adware.AdPeak.Y | 15.05.29.01 |
| Reason Heuristics | PUP.AdPeak.Coupoon | 15.5.8.23 |
| Sophos | Generic PUA FE | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40692 |

File size:
607.8 KB (622,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\015\tpydklloou32.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/21/2014 3:35:57 PM

Valid to:
11/22/2015 3:35:57 PM

Subject:
E=support@coupoon.org, CN=Coupoon, O=Coupoon, L=Tallahassee, S=FL, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121400C47EC899C3BA485785E2CAB2D79C3

File PE Metadata
Compilation timestamp:
3/22/2015 9:30:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
12288:R1f4iPIGWji/SJZSLhOOvtMkJGTLqMIB0EcF9DMw:R1wseZSLPFMsa+6ZMw

Entry address:
0x12931

Entry point:
E8, 96, 0D, 01, 00, E9, 41, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, F0, 10, 49, 00, 89, 0D, EC, 10, 49, 00, 89, 15, E8, 10, 49, 00, 89, 1D, E4, 10, 49, 00, 89, 35, E0, 10, 49, 00, 89, 3D, DC, 10, 49, 00, 66, 8C, 15, 08, 11, 49, 00, 66, 8C, 0D, FC, 10, 49, 00, 66, 8C, 1D, D8, 10, 49, 00, 66, 8C, 05, D4, 10, 49, 00, 66, 8C, 25, D0, 10, 49, 00, 66, 8C, 2D, CC, 10, 49, 00, 9C, 8F, 05, 00, 11, 49, 00, 8B, 45, 00, A3, F4, 10, 49, 00, 8B, 45, 04, A3, F8, 10, 49, 00, 8D, 45, 08, A3, 04, 11, 49, 00, 8B...
 

Entropy:
6.3576

Code size:
380 KB (389,120 bytes)

Service
Display name:
tpydklloou32

Type:
Win32OwnProcess

