popdeals3.exe

Installmatic, LLC

This is part of the Installmatic installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file popdeals3.exe, “Windows PopDeals Application” by Installmatic has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Installmatic Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
PopDeals  (signed by Installmatic, LLC)

Product:
PopDeals

Description:
Windows PopDeals Application

Version:
1.0.1.7

MD5:
a50ccf4b7173780fa3e9fa8cc93b9841

SHA-1:
8983ab9edfd15129c31c53c8e71616fffcaf5fde

SHA-256:
bdca3c3ead2c88bcae34bb1a56cd1067af0a7cf8eb1aec4138c26e87d77fef7a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 12:54:26 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installmatic (M)
17.3.14.4

File size:
92.9 KB (95,168 bytes)

Product version:
1.0.1.7

Copyright:
Copyright © 2014 PopDeals

Original file name:
popdeals3.exe

Bundler/Installer:
Installmatic Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\tmpc66f.tmp

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/27/2014 9:00:00 PM

Valid to:
8/28/2015 8:59:59 PM

Subject:
CN="Installmatic, LLC", O="Installmatic, LLC", STREET="80 SW 8th St #2000", L=Miami, S=FL, PostalCode=33130, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00DE50744A5F06D68B2C7A5999B51AAB42

File PE Metadata
Compilation timestamp:
11/17/2014 10:17:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x175CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
85.5 KB (87,552 bytes)

Remove popdeals3.exe - Powered by Reason Core Security