upgrade7000.exe

ShopAtHome.com

The application upgrade7000.exe by ShopAtHome.com has been detected as a potentially unwanted program by 2 anti-malware scanners. This file is typically installed with the program ShopAtHome.com Toolbar by Belcaro Group Inc., which is a potentially unwanted software program.
Publisher:
ShopAtHome.com  (signed and verified)

MD5:
bfcee84fdc4e6a2d17a6555730a66c12

SHA-1:
8d571eb0cc6c85645b921a95c73df6ef06d96c6f

SHA-256:
7f5a04364bb150802c3ba68a9e487a2c5d7f9ee501fefb1e5107d55c1e01a375

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 2:49:02 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.ShopAtHome.L | 14.6.5.18
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.0

File size:
159.4 KB (163,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\selectrebates\upgrade7000.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2013 7:00:00 PM

Valid to:
7/22/2016 6:59:59 PM

Subject:
CN=ShopAtHome.com, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ShopAtHome.com, L=Greenwood Village, S=Colorado, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7CDE093D5E63B7D49F5B9BBF9E788E57

File PE Metadata
Compilation timestamp:
3/24/2014 10:44:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:WsvnsOUQgDFwwrCsrPHyRQ46OT4ON+1vPn:AO8DFwACsrPHyRQI8ONOX

Entry address:
0x85C0

Entry point:
E8, 8A, 42, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 3C, 23, 00, 00, 3B, 0D, 00, 42, 42, 00, 75, 02, F3, C3, E9, 06, 43, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, DB, FF, FF, FF, 8B, FF, 51, C7, 01, 8C, D3, 41, 00, E8, F3, 43, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B2, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 2B, 44, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00...
Entropy:
6.4611

Code size:
110 KB (112,640 bytes)

The file upgrade7000.exe has been discovered within the following program.

ShopAtHome.com Toolbar  by Belcaro Group Inc.
The ShopAtHome.com Toolbar will have the ability to inject such content into search results in your browser. Such content will be identified as ShopAtHome.com content, and you will have the ability to disable this feature of the Toolbar.
www.shopathome.com
64% remove it
 
Powered by Should I Remove It?