popdeals3.exe

Installmatic, LLC

This is part of the Installmatic installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file popdeals3.exe, “Windows SuperBargain Application” by Installmatic, has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Installmatic Setup installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.popcrew.info.

Publisher:
SuperBargain (signed by Installmatic, LLC)

Product:
SuperBargain

Description:
Windows SuperBargain Application

Version:
1.0.2.7

MD5:
67b7b7cf632b15cec605c8ec17ef39e4

SHA-1:
3c0d784889899146082079dd4aef1d396c76bf77

SHA-256:
112f65e6aa52446b93830e2a58d9bcb7d97a8757bbc5857706336d8358cbb82e

Scanner detections:
25 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/8/2024 6:40:00 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2282258 | 606 |
| Agnitum Outpost | PUA.Popdeals | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Agent | 2015.06.01 |
| Avira AntiVirus | ADWARE/PopDeals.161336 | 8.3.1.6 |
| avast! | MSIL:Adware-O [Adw] | 2014.9-150608 |
| AVG | Downloader | 2016.0.3084 |
| Baidu Antivirus | Adware.MSIL.Popdeals | 4.0.3.1568 |
| Bitdefender | Trojan.GenericKD.2282258 | 1.0.20.795 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | TrojWare.Win32.Fsysna.CLJ | 22294 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2282258 | 8.15.06.08.03 |
| ESET NOD32 | MSIL/Adware.Popdeals (variant) | 9.11713 |
| Fortinet FortiGate | MSIL/MSIL.A | 6/8/2015 |
| F-Secure | Trojan.GenericKD.2282258 | 11.2015-08-06_2 |
| G Data | Trojan.GenericKD.2282258 | 15.6.25 |
| IKARUS anti.virus | AdWare.DealApp | t3scan.1.9.2.0 |
| K7 AntiVirus | Adware | 13.204.16089 |
| McAfee | Artemis!67B7B7CF632B | 5600.6740 |
| MicroWorld eScan | Trojan.GenericKD.2282258 | 16.0.0.477 |
| nProtect | Trojan.GenericKD.2282258 | 15.05.29.01 |
| Reason Heuristics | PUP.Installmatic.SuperBargain | 15.6.8.15 |
| Sophos | Mal/MSIL-LL | 4.98 |
| Trend Micro House Call | TROJ_GEN.R03EC0EDE15 | 7.2.159 |
| Trend Micro | TROJ_GEN.R03EC0EDE15 | 10.465.08 |
| VIPRE Antivirus | MSIL.Adware.Popdeals | 40720 |

File size:
157.6 KB (161,336 bytes)

Product version:
1.0.2.7

Copyright:
Copyright © 2014 - SuperBargain

Original file name:
popdeals3.exe

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\tmpd400.tmp

Digital Signature
Authority:
COMODO CA Limited

Valid from:
9/11/2014 9:00:00 PM

Valid to:
9/12/2015 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
574F435B169EC460893AD0187E44D858

File PE Metadata
Compilation timestamp:
4/7/2015 5:16:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:pip6YYe3DP9hEbEsRWiKOe10weGr+ELHHN40YEJ2G4MCc57:cwMTPgAszeuweGr+ELHt40YEJ2Zhm

Entry address:
0x2C00A

Entry point:
FF, 25, 00, C0, 42, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Code size:
76.5 KB (78,336 bytes)

The file popdeals3.exe has been seen being distributed by the following URL.
