» Deal Boat.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

Deal Boat.dll

Deal Boat

Excellent Apps

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module Deal Boat.dll by Excellent Apps has been detected as adware by 13 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘CrossriderApp0012747’. This file is typically installed with the program Deal Boat by 215 Apps which is a potentially unwanted software program. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

Deal Boat.dll

Publisher:

215 Apps (signed by Excellent Apps)

Product:

Deal Boat

Description:

Deal Boat BHO

Version:

1.1.153.58

MD5:

a26e4434fe04d30336a35ae5a0c48a3a

SHA-1:

094a9523407f2c7e4e8fb544af55acbd866433cf

SHA-256:

433bd3edd689fd656e47b969d2e27c06362295f0312e15bac3c7da557c8dbf23

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/20/2024 3:07:11 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.VidSaver.1

380

Bitdefender

Gen:Variant.Adware.VidSaver.1

1.0.20.105

Comodo Security

ApplicUnwnt

18076

Emsisoft Anti-Malware

Gen:Variant.Adware.VidSaver

8.16.01.21.09

ESET NOD32

Win32/Toolbar.CrossRider (variant)

10.9656

Fortinet FortiGate

Adware/Fam.NB

1/21/2016

F-Secure

Gen:Variant.Adware.VidSaver.1

11.2016-21-01_5

G Data

Gen:Variant.Adware.VidSaver

16.1.24

MicroWorld eScan

Gen:Variant.Adware.VidSaver.1

17.0.0.63

Reason Heuristics

PUP.50OnRed.ExcellentApps (M)

16.1.21.9

Sophos

AppRider

4.98

Trend Micro House Call

TROJ_GEN.F47V0122

7.2.21

VIPRE Antivirus

GamePlayLabs

28168

File size:

687.9 KB (704,392 bytes)

Product version:

1.1.153.58

Original file name:

Deal Boat.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\deal boat\deal boat.dll

Digital Signature

Signed by:

Excellent Apps

Authority:

Thawte, Inc.

Valid from:

8/28/2012 8:00:00 PM

Valid to:

8/29/2013 7:59:59 PM

Subject:

CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6D2FB6375D3A8788B735FEDBD060732B

Registration

CLSIDs:

{11111111-1111-1111-1111-110111271147}, {22222222-2222-2222-2222-220122272247}

ProgIDs:

CrossriderApp0012747.BHO.1, CrossriderApp0012747.Sandbox.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

2/11/2013 9:07:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:/uU1oTd6pitTRSR50tPCD/Hac1Azj/Pq56Tob17bHM06Yh+Cp:mUSd6pitTRSD0tPCDC1zjnjTobdblD+c

Entry address:

0x4538D

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BF, B1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, A2, B7, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 90, BF, 09, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18... 
[+]

Entropy:

6.6453

Code size:

488 KB (499,712 bytes)

Internet Explorer BHO

Display name:

CrossriderApp0012747

CLSID:

{11111111-1111-1111-1111-110111271147}

CLSID name:

Deal Boat

The file Deal Boat.dll has been discovered within the following program.

Deal Boat by 215 Apps

The Amazing Apps Deal Boat web browser hijacker is very aggressive adware. It injects a web browser extension in IE, FF as well as Chrome in order to modify web page ads.

84% remove it

Remove Deal Boat.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.