home

DealRunner.exe

DealRunner

Shop to Win, LLC

The application DealRunner.exe by Shop to Win has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Shop To Win by Shop To Win, LLC and DealRunner and Shop To Win by Jackpot Rewards, both potentially unwanted software.
Publisher:
Jackpot Rewards  (signed by Shop to Win, LLC)

Product:
DealRunner

Version:
1.2.2.0

MD5:
c178461d8089d0da44027e851a8eab53

SHA-1:
eaf0c2d36b1d7f709c1526b53f4d47bf4ec626cc

SHA-256:
d4d9ab8e88de23299e372c010cb7e477efe1946afbdc790047ce1fbbf45be7db

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/9/2025 11:00:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ShoptoWin.K
14.10.17.12

File size:
1.9 MB (2,023,000 bytes)

Product version:
1.2.2.0

Copyright:
(c) 2010 Jackpot Rewards

Original file name:
DealRunner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dealrunner\dealrunner.exe

Digital Signature
Signed by:
Shop to Win, LLC

Authority:
Thawte, Inc.

Valid from:
8/29/2010 8:00:00 PM

Valid to:
8/11/2011 7:59:59 PM

Subject:
CN="Shop to Win, LLC", O="Shop to Win, LLC", L=Waltham, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5253D8B27EE6565A3278897F87D5319B

File PE Metadata
Compilation timestamp:
3/28/2011 11:57:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:8wy+TR4FvHEzrRrqomKmB2I/7PDSufO/3DFFovsey8ah023RUmGzTa:8wy+t4FvHENP2NSumDHovG3BBYzTa

Entry address:
0xA7790

Entry point:
E9, 8B, 97, 0D, 00, E9, 76, 97, 02, 00, E9, B1, C4, 02, 00, E9, AC, 5C, 0F, 00, E9, F7, A5, 05, 00, E9, 82, 96, 04, 00, E9, DD, 8B, 08, 00, E9, D8, B6, 05, 00, E9, 83, 7F, 02, 00, E9, 6E, DE, 0E, 00, E9, A9, 0F, 0F, 00, E9, 64, 60, 0C, 00, E9, AF, 6C, 07, 00, E9, 8A, 61, 07, 00, E9, 95, 7B, 06, 00, E9, 20, DF, 0D, 00, E9, 6B, 49, 0E, 00, E9, F6, B6, 12, 00, E9, 0D, 5B, 0C, 00, E9, EC, 84, 04, 00, E9, B7, 16, 03, 00, E9, 42, E6, 00, 00, E9, 1D, 50, 0C, 00, E9, D8, BE, 05, 00, E9, 63, EA, 0C, 00, E9, BA, CC...
 
[+]

Entropy:
5.7938

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
1.3 MB (1,372,160 bytes)

The file DealRunner.exe has been discovered within the following programs.

DealRunner and Shop To Win  by Jackpot Rewards
DealRunner and Shop To Win inject coupon advertisements in the user's web browser.
www.dealpop.us
67% remove it
Shop To Win  by Shop To Win, LLC
By running a background program on your PC, Shop to Win by Jackpot Rewards allows users to win sweepstakes every time they make an online purchase at one of over 2,500 participating merchant partners.
www.shoptowin.net
74% remove it
 
Powered by Should I Remove It?

Remove DealRunner.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.