dealohmania.exe

The application dealohmania.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. The file has been seen being downloaded from installerlaunch-gn1.com.

MD5:
c9471eaf6911a0000aa9943e9cc09b92

SHA-1:
1fb0d576676d8819c9f060804f0eb6e53143d2ba

SHA-256:
28b06fcb97a3ab94794906f98d0cb1a71dad87c60a3b7e84491623ccb50f964e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/30/2024 2:47:36 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:InstallCore-GD [PUP] | 160727-6
ESET NOD32 | Win32/InstallCore.AZ potentially unwanted application | 8.0.319.0

File size:
1.2 MB (1,251,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\dealohmania.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:BB1atRDrJ+/zA9JlB546cdhH8OxtQK06uEhEZW9AZ/VJ:ctVrE7ARB54xHH8ECEhV9i/V

Entry address:
0xD5C80

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, 2E, 40, 00, E8, 19, D2, FF, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.8312

Developed / compiled with:
Microsoft Visual C++

Code size:
866 KB (886,784 bytes)

The file dealohmania.exe has been seen being distributed by the following URL.
