Home Malware Programs Adware Coupon Waterfall

Coupon Waterfall

Posted: June 27, 2014

Threat Metric

Threat Level: 2/10
Infected PCs: 361
First Seen: June 20, 2014
Last Seen: May 2, 2022
OS(es) Affected: Windows


Coupon Waterfall is an adware application that may render several advertisements on a computer. The various ads generated through Coupon Waterfall may interrupt surfing the internet and could reduce the performance of your web browser application. The Coupon Waterfall ads may redirect you to unwanted sites or sites that have questionable content where it may offer additional coupon deals and savings through various links. Coupon Waterfall may load through a previously downloaded and installed freeware program or random bundled software applications. Once it is loaded Coupon Waterfall will start rendering ads while you are using a web browser to surf the internet. Putting a stop to the Coupon Waterfall ads may require using antimalware software with the ability to remove adware from a PC.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%PROGRAMFILES(x86)%\Coupon Waterfall\FrameworkEngine.exe File name: FrameworkEngine.exe
Size: 282.67 KB (282672 bytes)
MD5: bc41cde8ef987fa2caa693e91ddabf53
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\Coupon Waterfall
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES%\Coupon Waterfall\FrameworkBHO.dll File name: FrameworkBHO.dll
Size: 408.16 KB (408168 bytes)
MD5: c081b29e30e2b51790b7f2da1930b9dd
Detection count: 50
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\Coupon Waterfall
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES%\Coupon Waterfall\FrameworkBHO.dll File name: FrameworkBHO.dll
Size: 288.81 KB (288816 bytes)
MD5: 496812f63dada32e59ac181091e662ca
Detection count: 47
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES%\Coupon Waterfall
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES(x86)%\Coupon Waterfall\FrameworkBHO64.dll File name: FrameworkBHO64.dll
Size: 493.8 KB (493800 bytes)
MD5: 2384b0ef20490c042c26ab023c3603ee
Detection count: 9
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES(x86)%\Coupon Waterfall
Group: Malware file
Last Updated: June 20, 2014
%PROGRAMFILES(x86)%\Coupon Waterfall\FrameworkBHO64.dll File name: FrameworkBHO64.dll
Size: 492.88 KB (492888 bytes)
MD5: 4935d53cf03f97c28a562db527173d6e
Detection count: 5
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES(x86)%\Coupon Waterfall
Group: Malware file
Last Updated: June 20, 2014
Coupon Waterfall.exe File name: Coupon Waterfall.exe
Size: 1.46 MB (1461704 bytes)
MD5: 527dd163e19adfd49a9b4e0c8b2e6e52
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: August 17, 2022

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{RegistryKeys}SOFTWARE\38917SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E2DE7B0-5FBE-418F-A91B-B72CD2A2037C}SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2D2C8179-CA16-4A73-AFD8-1FF590437B1D}SOFTWARE\Wow6432Node\38917SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E2DE7B0-5FBE-418F-A91B-B72CD2A2037C}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{2D2C8179-CA16-4A73-AFD8-1FF590437B1D}

Additional Information

The following directories were created:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Coupon Waterfall%LOCALAPPDATA%\Coupon Waterfall%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\ondkeeeaefemdncejfmojnhkphlgfepm%PROGRAMFILES%\Coupon Waterfall%PROGRAMFILES(x86)%\Coupon Waterfall
Loading...