dealcabby.exe

AdPeak, Inc

This is the installer for an AdPeak program that shows ads in the browser without providing information about the ads' origin. Ads are injected as banners or text links in random web pages. The application dealcabby.exe by AdPeak, Inc has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from cdn.install.oibundles2.com.
Publisher:
AdPeak, Inc  (signed and verified)

MD5:
4aeccca252923751ed23b4a74a6a05bd

SHA-1:
8a457640a7e1000ae95431bea2745d3d9775fcdd

SHA-256:
284d269a0fc14de3c3b21a36c871964d73c1b9003c1ff5de51790b6f6575ffd5

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
11/23/2024 10:41:24 AM UTC

Scan engine              Detection            Engine version
Boost by Reason          Adware.AdPeak.J      2013.8.28.0
Dr.Web                   Adware.Shopper.301   9.0.1.0240
Norman                   Downloader           11.20130828
Reason Heuristics        PUP.AdPeak.J         14.8.7.19
Sophos                   AdPeak               4.91
Trend Micro House Call   ADW_ADPEAK           7.2.240
Trend Micro              ADW_ADPEAK           10.465.26
VIPRE Antivirus          Adware.Adpeak        21316

File size:
48.5 KB (49,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\dealcabby.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/3/2012 11:55:39 AM

Valid to:
9/16/2013 10:43:44 AM

Subject:
CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
042CD88817C44D

File PE Metadata
Compilation timestamp:
12/5/2009 2:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:z/pT8mhxeQ/IkJTCxw+bzvDBnqb4WjXO3XJH5c0AKkn0kdMa2P3w5eTYCn:jumhxebkJf+FTXJH5vJk0skceTD

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.0723

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dealcabby.exe has been seen being distributed by the following URL.
