deal boat.exe

Appealing Apps

This is the installer application for a 50onRed advertising-supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application deal boat.exe by Appealing Apps has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Appealing Apps  (signed and verified)

MD5:
cf5356dcb4ac90daba32409b478e745f

SHA-1:
dc2ff33d279d2d35825a970880d4f340527622c4

SHA-256:
e0fec77c1102f2584359e5379744b3969b3ab0853b00a2e7fc1c17806471b2ce

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 6:12:40 AM UTC

Scan engine        Detection                              Engine version
Dr.Web             Trojan.Crossrider.16835                9.0.1.0130
ESET NOD32         Win32/AdWare.SmartApps                 8.9782
G Data             Win32.Adware.Smartapps                 14.5.24
Reason Heuristics  PUP.AppealingApps.J                    14.8.7.17
Vba32 AntiVirus    suspected of Trojan.Downloader.gen.h   3.12.26.0
Zillya! Antivirus  Downloader.Psyme.VBS.1                 2.0.0.1784

File size:
1.3 MB (1,348,808 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\deal boat.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/3/2013 5:00:00 PM

Valid to:
6/4/2014 4:59:59 PM

Subject:
CN=Appealing Apps, O=Appealing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0444AA3B06F7BBDC2E37AF0824FB38C7

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
24576:gtzip5LWE5BVSTE973Zor4PVwRVYMub4F009FuTZUBsLPT:g1IBCGoUV804kTZUOL7

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9788  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file deal boat.exe has been seen being distributed by the following URL.
