DealDropDown.exe

DealDropDown

Engaging Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application DealDropDown.exe, “DealDropDown Installer” by Engaging Apps has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Innovative Apps  (signed by Engaging Apps)

Product:
DealDropDown

Description:
DealDropDown Installer

Version:
1.29.153.2

MD5:
6eff44e3527358cd67f65822136c7fd1

SHA-1:
26e068c54de7d70a2513eb97d68ce63c9f7c1411

SHA-256:
8a6670a2f8e303400fc7fd7ac2267e3d816c13f0cdb571bdc95e33df501ef078

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
11/23/2024 5:03:48 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider.10
9.0.1.098

ESET NOD32
Win32/Packed.ScrambleWrapper
8.9483

Reason Heuristics
PUP.Installer.EngagingApps.M
14.8.7.21

Sophos
AppRider
4.98

VIPRE Antivirus
GamePlayLabs
26926

File size:
3.7 MB (3,892,312 bytes)

Copyright:
Copyright Innovative Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dealdropdown.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 8:00:00 PM

Valid to:
6/4/2014 7:59:59 PM

Subject:
CN=Engaging Apps, O=Engaging Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
632EEBD9B987BC680D444D8675A26545

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:F79/g0bwqxaq9cYtWDbECFhYSQ6M14A0t+MfQ5gXOp8r8ZqB9Ugiz:vg8B0q9JtWXHFho6M12YM45IOWB9

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9946  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file DealDropDown.exe has been seen being distributed by the following URL.

Remove DealDropDown.exe - Powered by Reason Core Security