updater27793.exe

CouponDropDown Plugin

Innovative Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application updater27793.exe, “CouponDropDown Plugin exe” has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered by a time event. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
Innovative Apps

Product:
CouponDropDown Plugin

Description:
CouponDropDown Plugin exe

Version:
1000.1000.1000.1000

MD5:
5dd0d2719359194ebd5cf51fbe00ae5a

SHA-1:
03b9704f54d48472daa43da7114e16effe0890dc

SHA-256:
75bf26abc2a27854b91d327890eb1444d9970431838c4e7a8780ea06bd79e173

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/27/2024 4:46:54 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
SmartShopper.G
2014.0.3615

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.131225

Bkav FE
W32.Clod808.Trojan
1.3.0.4613

Dr.Web
Adware.Plugin.88
9.0.1.0359

ESET NOD32
Win32/Toolbar.CrossRider (variant)
7.9257

herdProtect (fuzzy)
2014.1.2.15

K7 AntiVirus
Trojan
13.175.10750

McAfee
Artemis!67CAE5BFA730
5600.7262

NANO AntiVirus
Trojan.Win32.Plugin.cqzpgj
0.28.0.57029

Reason Heuristics
PUP.Task.InnovativeApps.M
14.2.20.19

Trend Micro House Call
TROJ_GEN.R0C1H05L813
7.2.359

VIPRE Antivirus
GamePlayLabs
25158

File size:
201.5 KB (206,336 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CouponDropDown Plugin.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\updater27793\updater27793.exe

File PE Metadata
Compilation timestamp:
1/15/2013 4:31:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:q/2e1jiykkaE5dKvKJZltWRkWTpJitu8xQAei7MxNEndGM/EC:ne9iykqZvlt4k8Jkn+Aei7MxvM9

Entry address:
0x15B31

Entry point:
E8, 95, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 22, E2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 26, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 90, 42, 00...
 
[+]

Entropy:
6.4282

Code size:
158 KB (161,792 bytes)

Scheduled Task
Task name:
Updater27793.exe

Trigger:
Time (Next runs on 12/25/2013 at 4:48 PM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to geoplugin.net  (178.237.36.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.50.25:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

Remove updater27793.exe - Powered by Reason Core Security