home

dp.exe

DealPly

DealPly Technologies Ltd

The application dp.exe by DealPly Technologies has been detected as adware by 23 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.bubbledock.es and multiple other hosts.
Publisher:
DealPly Technologies Ltd.  (signed by DealPly Technologies Ltd)

Product:
DealPly

Version:
4.8.7.2

MD5:
3bb12f100f4ca64d8fcfcb6eaec22767

SHA-1:
00f0f12b957c93533a4f8bbda4669206292bc27a

SHA-256:
a82f8238a3d83ad578c2ce905440c568104b2594bfa9cf319a5572cdecbbe058

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/22/2024 8:58:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.DealPly.G
1151

AhnLab V3 Security
PUP/Win32.DealPlay
2013.11.26

avast!
Win32:DealPly-A [PUP]
2014.9-140807

Bitdefender
Adware.DealPly.G
1.0.20.1645

Bkav FE
W32.Clod69d.Trojan
1.3.0.4562

Boost by Reason
Optional.DealPly.C
188838

Comodo Security
Application.Win32.DealPly.~BHU
17338

Dr.Web
Adware.Shopper.348
9.0.1.0329

Emsisoft Anti-Malware
Adware.DealPly
8.13.11.25.01

ESET NOD32
Win32/DealPly
7.8719

F-Secure
Adware.DealPly.G
11.2013-25-11_2

G Data
Adware.DealPly
13.11.22

K7 AntiVirus
Unwanted-Program
13.174.10530

Malwarebytes
PUP.Optional.DealPly.A
v2013.11.25.01

McAfee
Artemis!F9CD7F14B752
5600.7222

MicroWorld eScan
Adware.DealPly.G
14.0.0.987

nProtect
Adware.DealPly.G
14.02.11.01

Reason Heuristics
PUP.DealPly.C
14.8.7.17

Sophos
Generic PUA BI
4.95

Trend Micro House Call
ADW_DEALPLY
7.2.208

Trend Micro
ADW_DEALPLY
10.465.27

VIPRE Antivirus
Adware.DealPly
23714

ViRobot
Adware.DealPly.1498184
2011.4.7.4223

File size:
1.4 MB (1,443,656 bytes)

Product version:
4.8.7.2

Copyright:
Copyright © 2013 DealPly Technologies Ltd

Trademarks:
[dealplydef:dealplydef] DealPly and DealPly Shopping are trademarks or registered trademarks of DealPly Technologies Ltd in the U.S. and/or other coun

Original file name:
dp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dp.exe

Digital Signature
Signed by:
DealPly Technologies Ltd

Authority:
COMODO CA Limited

Valid from:
6/13/2012 5:00:00 PM

Valid to:
6/14/2015 4:59:59 PM

Subject:
CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
016DFA78310264827B57EAD4F620C264

File PE Metadata
Compilation timestamp:
5/7/2013 1:34:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Yh5/d9R5B5Ma2EyAaJopT/YC400QnG5aps6EdGVJXk1NIeGLtM9So9Ac:YhHyAaJEYqGgpslE/0TGLtno9F

Entry address:
0x1AEAE

Entry point:
E8, BA, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, F1, 42, 00, 89, 0D, 34, F1, 42, 00, 89, 15, 30, F1, 42, 00, 89, 1D, 2C, F1, 42, 00, 89, 35, 28, F1, 42, 00, 89, 3D, 24, F1, 42, 00, 66, 8C, 15, 50, F1, 42, 00, 66, 8C, 0D, 44, F1, 42, 00, 66, 8C, 1D, 20, F1, 42, 00, 66, 8C, 05, 1C, F1, 42, 00, 66, 8C, 25, 18, F1, 42, 00, 66, 8C, 2D, 14, F1, 42, 00, 9C, 8F, 05, 48, F1, 42, 00, 8B, 45, 00, A3, 3C, F1, 42, 00, 8B, 45, 04, A3, 40, F1, 42, 00, 8D, 45, 08, A3, 4C, F1, 42...
 
[+]

Entropy:
7.8959  (probably packed)

Code size:
135.5 KB (138,752 bytes)

The file dp.exe has been seen being distributed by the following 10 URLs.

http://cdn.bubbledock.es/cl/inst/bundles/dealply/.../dp.exe

http://d1pg43ots40sgg.cloudfront.net/bundle/DealPly/.../dp.exe

http://www.instseo.com/installers/software/.../dp.exe

http://d2ugaifelwk06r.cloudfront.net/dp.exe

http://d3ijsb1ryk5jd8.cloudfront.net/cl/inst/bundles/DealPly/.../dp.exe

http://d3d6wi7c7pa6m0.cloudfront.net/bundles/.../dp_20130624_test.exe

http://dmrm038s4vkzd.cloudfront.net/cl/inst/bundles/DealPly/.../dp.exe

http://cdn.airdlr6.com/downloads/offers/.../dpupdated2.exe

http://cdninst.com/offers/.../dp.exe

http://cdn.ppdownload.com/Installer/.../dp.exe

Remove dp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.