dp.exe

DealPly Technologies Ltd

The application dp.exe (described as “http://www.dealply.com/”) by DealPly Technologies has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from the user's temporary directory, and the file has been seen being downloaded from cdn.install.oibundles2.com.

Publisher:
DealPly  (signed by DealPly Technologies Ltd)

Product:
DealPly

Description:
http://www.dealply.com/

Version:
3.6.0.0

MD5:
c341fe87d7714655245b7bd8e13edb45

SHA-1:
c6d7e5a26ac756d6b18af1713f104d770a835f3e

SHA-256:
9246863864c9fa4db89e9e5a8ab1ea1ad3ee68c4786699965b06631099c7b17a

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 12:40:18 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:DealPly-A [PUP] | 2014.9-140120 |
| Boost by Reason | Optional.DealPly.C | 188838 |
| Dr.Web | Adware.Shopper.328 | 9.0.1.020 |
| ESET NOD32 | Win32/DealPly | 8.9237 |
| K7 AntiVirus | Trojan | 13.174.10689 |
| Malwarebytes | PUP.Optional.Dealply | v2014.01.20.01 |
| Reason Heuristics | PUP.DealPly.C | 14.8.7.17 |
| Rising Antivirus | NS:Malware.Install!1.9F21 | 23.00.65.14118 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Adware.DealPly | 24976 |

File size:
495.5 KB (507,400 bytes)

Product version:
3.6.0.0

Copyright:
Copyright (C) 2011 DealPly Technologies Ltd.

Trademarks:
[dealplydef:dealplydef] - DealPly is a trademark or registered trademark of DealPly in the U.S. and/or other countries.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/7/2011 9:00:00 AM

Valid to:
7/7/2012 8:59:59 AM

Subject:
CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6238E7E75D4E913EACA7A1A3F81BCC27

File PE Metadata
Compilation timestamp:
12/6/2009 7:50:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:7DGFUjJ3YljEpp/zUtEe7W0AKM7GA2IGWGNX8nk91PNljEplr:7KFdwrUuemyjrWGN+k99bY

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9093

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file dp.exe has been seen being distributed by the following URL.
