popdeals3.exe

Installmatic, LLC

This is part of the Installmatic installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file popdeals3.exe, “Windows SuperBargain Application” by Installmatic has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.popcrew.info.
Publisher:
SuperBargain  (signed by Installmatic, LLC)

Product:
SuperBargain

Description:
Windows SuperBargain Application

Version:
1.0.2.7

MD5:
67b7b7cf632b15cec605c8ec17ef39e4

SHA-1:
3c0d784889899146082079dd4aef1d396c76bf77

SHA-256:
112f65e6aa52446b93830e2a58d9bcb7d97a8757bbc5857706336d8358cbb82e

Scanner detections:
25 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/23/2024 6:56:48 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2282258
606

Agnitum Outpost
PUA.Popdeals
7.1.1

AhnLab V3 Security
PUP/Win32.Agent
2015.06.01

Avira AntiVirus
ADWARE/PopDeals.161336
8.3.1.6

avast!
MSIL:Adware-O [Adw]
2014.9-150608

AVG
Downloader
2016.0.3084

Baidu Antivirus
Adware.MSIL.Popdeals
4.0.3.1568

Bitdefender
Trojan.GenericKD.2282258
1.0.20.795

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
TrojWare.Win32.Fsysna.CLJ
22294

Emsisoft Anti-Malware
Trojan.GenericKD.2282258
8.15.06.08.03

ESET NOD32
MSIL/Adware.Popdeals (variant)
9.11713

Fortinet FortiGate
MSIL/MSIL.A
6/8/2015

F-Secure
Trojan.GenericKD.2282258
11.2015-08-06_2

G Data
Trojan.GenericKD.2282258
15.6.25

IKARUS anti.virus
AdWare.DealApp
t3scan.1.9.2.0

K7 AntiVirus
Adware
13.204.16089

McAfee
Artemis!67B7B7CF632B
5600.6740

MicroWorld eScan
Trojan.GenericKD.2282258
16.0.0.477

nProtect
Trojan.GenericKD.2282258
15.05.29.01

Reason Heuristics
PUP.Installmatic.SuperBargain
15.6.8.15

Sophos
Mal/MSIL-LL
4.98

Trend Micro House Call
TROJ_GEN.R03EC0EDE15
7.2.159

Trend Micro
TROJ_GEN.R03EC0EDE15
10.465.08

VIPRE Antivirus
MSIL.Adware.Popdeals
40720

File size:
157.6 KB (161,336 bytes)

Product version:
1.0.2.7

Copyright:
Copyright © 2014 - SuperBargain

Original file name:
popdeals3.exe

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\tmpd400.tmp

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/11/2014 9:00:00 PM

Valid to:
9/12/2015 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
574F435B169EC460893AD0187E44D858

File PE Metadata
Compilation timestamp:
4/7/2015 5:16:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:pip6YYe3DP9hEbEsRWiKOe10weGr+ELHHN40YEJ2G4MCc57:cwMTPgAszeuweGr+ELHt40YEJ2Zhm

Entry address:
0x2C00A

Entry point:
FF, 25, 00, C0, 42, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
76.5 KB (78,336 bytes)

The file popdeals3.exe has been seen being distributed by the following URL.

Remove popdeals3.exe - Powered by Reason Core Security