dp.exe

DealPly Technologies Ltd

The application dp.exe by DealPly Technologies has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Arquivo171212 by Arquivo. The file has been seen being downloaded from download.instcdn.com and multiple other hosts.
Publisher:
DealPly  (signed by DealPly Technologies Ltd)

Product:
DealPly

Version:
4.3.0.0

MD5:
953f9ae5a36c5c281fb0a1a75727fd37

SHA-1:
f7c903191ea312d9fdf7d8c9bbe2f1f418402f67

SHA-256:
fe2eb1c78a27ae78a6140bbd1e5427df5015e1778d8059d02f8e35e29590752e

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
11/5/2024 11:33:30 AM UTC

Scan engine
Detection
Engine version

AVG
SmartShopper.D
2014.0.3544

Baidu Antivirus
Adware.Win32.Agent
4.0.3.131127

Boost by Reason
Optional.DealPly.C
188838

Dr.Web
Adware.Shopper.328
9.0.1.0241

ESET NOD32
Win32/DealPly
7.9190

K7 AntiVirus
Trojan
13.174.10609

Malwarebytes
PUP.Optional.Dealply
v2013.08.29.09

Reason Heuristics
PUP.DealPly.C
14.8.7.17

Trend Micro House Call
TROJ_GEN.R00HH05K413
7.2.241

VIPRE Antivirus
Adware.DealPly
24692

File size:
473.3 KB (484,624 bytes)

Product version:
4.3.0.0

Copyright:
Copyright (C) 2012 DealPly Technologies Ltd.

Trademarks:
[dealplydef:dealplydef] - DealPly is a trademark or registered trademark of DealPly in the U.S. and/or other countries.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/13/2012 5:00:00 PM

Valid to:
6/14/2015 4:59:59 PM

Subject:
CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
016DFA78310264827B57EAD4F620C264

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:hDGlf3YljEptynCaWUEgWGNX8nk9+ePFljEpOeu:hKlEcNUEgWGN+k9+KzrL

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9028

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file dp.exe has been discovered within the following program.

Arquivo171212  by Arquivo
About 4% of users remove it
 

The file dp.exe has been seen being distributed by the following 5 URLs.

http://download.instcdn.com/xmlcdn/.../dp.exe
