» savepathdealssetup.exe
Overview
Analysis
File Details
Downloads (1)

savepathdealssetup.exe

Savepath Deals

This is the installer and setup program from the Savepath Deals branded Yontoo adware web browser extension. This adware injects various forms of advertisements in the user's web browser based on the HTML content and URLs viewed. Ad include banners, in-line context text links, coupons, and search. The program will install an auto-updating Windows service that will update the software with additional features. The application savepathdealssetup.exe by Savepath Deals has been detected as adware by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software.

File name:

Publisher:

Savepath Deals (signed and verified)

MD5:

f67c686ec6064a1f0b7d91603dbba7e0

SHA-1:

af4e684b5f12867e020eb742a57016fae5dbf229

SHA-256:

8a336a2767427c0d4f8893ecfc61d0e5d88ec49b370cd3d07b28e66cf2231cff

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

11/5/2024 2:43:09 AM UTC (today)

Scan engine

Detection

Engine version

AVG

MalSign.Savepath

2015.0.3387

Reason Heuristics

PUP.Installer.SavepathDeals.S

14.8.9.14

File size:

4 MB (4,229,760 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\savepathdealssetup.exe

Digital Signature

Signed by:

Savepath Deals

Authority:

COMODO CA Limited

Valid from:

5/16/2013 8:00:00 PM

Valid to:

5/17/2014 7:59:59 PM

Subject:

CN=Savepath Deals, O=Savepath Deals, STREET=2526 W Macarthur blvd, STREET=UNIT G, L=Santa Ana, S=CA, PostalCode=92704, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0080BC518A6FEE7C80D4DA50F0F5EEB4DA

File PE Metadata

Compilation timestamp:

9/12/2013 3:36:52 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:7mtml9lQHs2Q6EBS1NJbMakIjmmUV2OUq6YuBeOgCM:7mtml47Q671NJbRNj82U6ngB

Entry address:

0x81883

Entry point:

E8, 77, 63, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 5C, A6, 4A, 00, 75, 02, F3, C3, E9, FE, 63, 00, 00, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 94, 74, 49, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 9C, 74, 49, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, 23, 29, 00, 00, 8D, 70, 01, 56, E8, 27, 10, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08, 56, 50, E8, A7, 64, 00, 00, 83, C4, 0C, C6, 47, 08, 01, 5E, 5F, 5D... 
[+]

Entropy:

7.8929 (probably packed)

Code size:

597.5 KB (611,840 bytes)

The file savepathdealssetup.exe has been seen being distributed by the following URL.

https://s3.amazonaws.com/apps.advizz.com/.../SavepathDealsSetup.exe

Remove savepathdealssetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.