utildealkeeper.exe

KnowledgeSlot

The application utildealkeeper.exe by KnowledgeSlot has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Util Deal Keeper”.
Publisher:
KnowledgeSlot  (signed and verified)

Version:
1.0.6267.16809

MD5:
2a5ec4952ae81e356cd495c5916ba262

SHA-1:
1498b522554b60c30a1c15e8285d21efb988166d

SHA-256:
de22fbada4f3d87d9a2a1d6e197217d0fc05466c5d76322bc44a0b588cf71359

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:17:59 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Yontoo (M)
17.2.27.19

File size:
637.4 KB (652,712 bytes)

Product version:
1.0.6267.16809

Original file name:
DealKeeper2017022717.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\deal keeper\bin\utildealkeeper.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
10/21/2016 1:00:00 AM

Valid to:
10/22/2017 12:59:59 AM

Subject:
CN=KnowledgeSlot, O=KnowledgeSlot, L=San Diego, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
571B5278123E0502FACCEABA06C95EC2

File PE Metadata
Compilation timestamp:
2/27/2017 6:20:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x9F30E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
629 KB (644,096 bytes)

Service
Display name:
Util Deal Keeper

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a184-51-126-176.deploy.static.akamaitechnologies.com  (184.51.126.176:80)

TCP (HTTP):
Connects to a184-51-126-194.deploy.static.akamaitechnologies.com  (184.51.126.194:80)

TCP (HTTP):
Connects to etg-01-033.etg.ras.cantv.net  (200.44.26.33:80)

TCP (HTTP):

TCP (HTTP):
Connects to etg-01-025.etg.ras.cantv.net  (200.44.26.25:80)

TCP (HTTP):
Connects to client-190-91-253-168.imovil.entelpcs.cl  (190.91.253.168:80)

TCP (HTTP):
Connects to client-190-91-253-187.imovil.entelpcs.cl  (190.91.253.187:80)

TCP (HTTP):
Connects to client-190-91-253-169.imovil.entelpcs.cl  (190.91.253.169:80)

TCP (HTTP):
Connects to a72-247-182-40.deploy.akamaitechnologies.com  (72.247.182.40:80)

TCP (HTTP):
Connects to a72-247-182-35.deploy.akamaitechnologies.com  (72.247.182.35:80)

TCP (HTTP):

Remove utildealkeeper.exe - Powered by Reason Core Security