windowshopper.exe

Superfish Inc.

The application windowshopper.exe by Superfish has been detected as adware by 2 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory. The file has been observed being downloaded from www.apptilio.com.

Publisher:
Superfish Inc.  (signed and verified)

MD5:
e110a112ca42ad118d72d135eb8b613a

SHA-1:
15ddf3201c0d0e9471b4651a4cbd1793ac35693f

SHA-256:
6df381795ea9985f89d16db3c4342c8aa009f4183fbb9e3f91c4dfe934e7e1e5

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
12/25/2024 1:15:28 AM UTC

Scan engine          Detection         Engine version
AVG                  MalSign.Sufish    2015.0.3529
Reason Heuristics    PUP.Superfish     15.3.1.9

File size:
832.7 KB (852,648 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\windowshopper.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/21/2012 5:00:00 PM

Valid to:
7/27/2013 4:59:59 PM

Subject:
CN=Superfish Inc., O=Superfish Inc., L=Grandville, S=Michigan, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6B29F7EFEEDE5E4984EFB651DA4094

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:gESaXv4VuDpZ77AKQty6K5ESYzuxBCR1rSRjlHB:0aXgVixAKiy6110f

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9724

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file windowshopper.exe has been seen being distributed by the following URL.
