uninstallcouponactivator.exe

Coupon Print Activator

Catalina Marketing Corp.

The application uninstallcouponactivator.exe, “Coupon Print Activator Application” by Catalina Marketing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Morningstar Excel API by Morningstar Inc. and Coupon Printer for Windows by Coupons.com Incorporated. The file has been seen being downloaded from offers.e-centives.com and multiple other hosts.
Publisher:
Catalina Marketing Corp.   (signed by Catalina Marketing Corp.)

Product:
Coupon Print Activator

Description:
Coupon Print Activator Application

Version:
5, 0, 0, 0

MD5:
afaa822191d8ffe037eeaaa39f3051a7

SHA-1:
86b07630fdb463c7ce0399e07303e259462bd61f

SHA-256:
4de9b77681f45def9943ddda2a4538801faccf03bcd694cca02070cc820a1ad7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 8:09:57 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.CatalinaMarketingCorp.Y
14.3.18.19

File size:
474.2 KB (485,576 bytes)

Product version:
5, 0, 0, 0

Copyright:
Copyright (C) 2010-2012

Original file name:
CouponActivator.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\uninstallcouponactivator.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/13/2011 8:00:00 PM

Valid to:
6/30/2012 7:59:59 PM

Subject:
CN=Catalina Marketing Corp., O=Catalina Marketing Corp., L=Saint Petersburg, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
58EEF086B62BFC91091CA53361F08E06

File PE Metadata
Compilation timestamp:
9/14/2011 7:26:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:Hk2ow78DmkJyq+jW87E76QjVmASFbyQK9:nImkAjzE6QhmA+OQK9

Entry address:
0x78B3

Entry point:
E8, C9, 71, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 54, 54, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 6C, 50, 41, 00, C9, C2, 08, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B...
 
[+]

Entropy:
7.5443

Code size:
80 KB (81,920 bytes)

The file uninstallcouponactivator.exe has been discovered within the following programs.

Coupon Printer for Windows  by Coupons.com Incorporated
Coupon Printer for Windows is software that allows users to build and print coupons that will be accepted at retail stores from Coupons.com. The printer application also bundles the CouponBar, a web browser toolbar.
www.coupons.com
69% remove it
Morningstar Excel API  by Morningstar Inc.
advisor.morningstar.com
About 8% of users remove it
 
Powered by Should I Remove It?

The file uninstallcouponactivator.exe has been seen being distributed by the following 4 URLs.

Remove uninstallcouponactivator.exe - Powered by Reason Core Security