deal vault-bg.exe

Deal Vault

Excellent Apps

This file is part of a distribution package classified as adware distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and modify the default search and home pages. The application deal vault-bg.exe by Excellent Apps has been detected as adware by 33 anti-malware scanners. This file is typically installed with the program Deal Vault by 215 Apps, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the installed extensions in the user's browser, including installation, updates and remote code downloads.
Publisher:
215 Apps  (signed by Excellent Apps)

Product:
Deal Vault

Description:
Deal Vault exe

Version:
1.1.152.14

MD5:
37aeedacc50b066d4061211499754c1b

SHA-1:
ca01a96344e9f3ad47ddd9e28308ffc537ed3ffa

SHA-256:
cc488f96d840ebda907c4dbaf236d419561d776170ec5d61ca8840904b06bc9b

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Excellent Apps.

Analysis date:
4/25/2024 10:33:17 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.993472 | 375
Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.183.178
avast! | Win32:Crossrider-AO [PUP] | 2014.9-160126
AVG | Toolbar | 2017.0.2853
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.16126
Bitdefender | Adware.Generic.993472 | 1.0.20.130
Bkav FE | W32.HfsAdware | 1.3.0.7237
Boost by Reason | Optional.ExcellentApps | 188838
Clam AntiVirus | Win.Adware.Agent-2199 | 0.98/18155
Comodo Security | ApplicUnwnt.Win32.AdWare.BHO.A | 17593
Dr.Web | Adware.GamePlayLabs.45 | 9.0.1.026
Emsisoft Anti-Malware | Adware.Generic.993472 | 8.16.01.26.03
ESET NOD32 | Win32/Toolbar.CrossRider.H potentially unwanted (variant) | 10.12288
Fortinet FortiGate | Adware/Fam.NB | 1/26/2016
F-Secure | Adware.Generic.993472 | 11.2016-26-01_3
G Data | Adware.Generic.993472 | 16.1.25
IKARUS anti.virus | AdWare.Agent | t3scan.1.9.5.0
K7 AntiVirus | Unwanted-Program | 13.210.17284
Malwarebytes | PUP.Optional.DealVault | v2016.01.26.03
McAfee | Artemis!118FB93603F3 | 5600.6509
MicroWorld eScan | Adware.Generic.993472 | 17.0.0.78
NANO AntiVirus | Riskware.Win32.CrossRider.dffuxp | 0.30.24.3283
nProtect | Adware.Agent.NNP | 14.01.10.01
Reason Heuristics | PUP.50OnRed.ExcellentApps (M) | 16.1.26.3
Sophos | AppRider (PUA) | 4.98
SUPERAntiSpyware | Adware.Crossrider/Variant | 9363
Trend Micro House Call | TROJ_GEN.R0CBH0AJA13 | 7.2.26
Trend Micro | TROJ_GEN.R047C0OC715 | 10.465.26
Vba32 AntiVirus | Trojan.Agent | 3.12.24.3
VIPRE Antivirus | GamePlayLabs | 43944
ViRobot | Trojan.Win32.A.Agent.907648 | 2011.4.7.4223
Zillya! Antivirus | Adware.Agent.Win32.58137 | 2.0.0.2408

File size:
1000.9 KB (1,024,904 bytes)

Product version:
1.1.152.14

Copyright:
Copyright 2011

Original file name:
Deal Vault.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\deal vault\deal vault-bg.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 7:00:00 PM

Valid to:
8/29/2013 6:59:59 PM

Subject:
CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata
Compilation timestamp:
1/3/2013 11:51:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:CDrmETRbE3Uv5niuz8d0vPncbaM5FFlI0eiq62JM9L:ImuRbAUv5niuz8d0vPnEFFVe562JMF

Entry address:
0x9443E

Entry point:
E8, 0B, AD, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 62, C6, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 78, 6F, 4F, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...
 

Entropy:
6.5295

Code size:
835.5 KB (855,552 bytes)

The file deal vault-bg.exe has been discovered within the following program.

Deal Vault  by 215 Apps
Deal Vault from 215 Apps (Amazing Apps/50onRed) installs a web browser extension (Internet Explorer Browser Helper Object) that views the web pages being loaded and looks for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.
deal-vault.com
79% remove it
 