DealRunner.exe

DealRunner

Shop to Win, LLC

The application DealRunner.exe by Shop to Win has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Jackpot Rewards  (signed by Shop to Win, LLC)

Product:
DealRunner

Version:
1.1.1.0

MD5:
9489cb0cc5c7240f5237d9fe918144ed

SHA-1:
34c822534f44ec5c6dea35834bd7be5b01cc08d7

SHA-256:
e66940a55063be6befa94b0575df23a171124f493c0be7ba6e0fdf13f0d02b3c

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
2/25/2025 4:13:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Shop To Win.ShoptoWi (M)

Engine version:
16.6.26.21

File size:
1.8 MB (1,924,184 bytes)

Product version:
1.1.1.0

Copyright:
(c) 2010 Jackpot Rewards

Original file name:
DealRunner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dealrunner\dealrunner.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/29/2010 8:00:00 PM

Valid to:
8/11/2011 7:59:59 PM

Subject:
CN="Shop to Win, LLC", O="Shop to Win, LLC", L=Waltham, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5253D8B27EE6565A3278897F87D5319B

File PE Metadata
Compilation timestamp:
12/18/2010 1:24:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:MrkFlotIIaB8tqFkKW3XHA0Vr9urVGGQy8ah023iXW:MrkFlouIVacA+x+Vbv3ByXW

Entry address:
0x9BF5C

Entry point:
E9, 4F, B9, 0C, 00, E9, 5A, 86, 02, 00, E9, 95, B3, 02, 00, E9, A0, 1B, 0E, 00, E9, FB, 26, 05, 00, E9, F6, FD, 03, 00, E9, 61, 5A, 07, 00, E9, 7C, 16, 06, 00, E9, 67, 6E, 02, 00, E9, 62, 9D, 0D, 00, E9, 9D, CE, 0D, 00, E9, 58, 1F, 0B, 00, E9, E3, 29, 06, 00, E9, 1E, 92, 0C, 00, E9, B9, 07, 0D, 00, E9, F4, 75, 11, 00, E9, FD, 19, 0B, 00, E9, 9A, 9F, 04, 00, E9, 65, EC, 03, 00, E9, 00, DA, 00, 00, E9, 3B, 11, 0B, 00, E9, 36, 19, 06, 00, E9, 61, A9, 0B, 00, E9, AE, 8C, 12, 00, E9, A7, DB, 0D, 00, E9, E2, 11...

Entropy:
5.8228

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
1.2 MB (1,283,072 bytes)
