» dealboat.exe
Overview
Analysis
File Details
Downloads (1)

dealboat.exe

Deal Boat

Innovative Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application dealboat.exe, “Deal Boat Installer” by Innovative Apps has been detected as adware by 8 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links. The file has been seen being downloaded from deal-boat.com.

File name:

dealboat.exe

Publisher:

215 Apps (signed by Innovative Apps)

Product:

Deal Boat

Description:

Deal Boat Installer

Version:

1.26.153.1

MD5:

93aa2d199183eba9af10badbe75a7a82

SHA-1:

c50890ab6d9a861e1397111f4fbde33c642326d5

SHA-256:

edc25b8721c51dbc0a36ff7fafb5bcd4d6c8817a015ac852ca9ee3beb1a3fcd3

Scanner detections:

8 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/26/2024 10:20:40 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Installer-M [Adw]

2014.9-130803

Boost by Reason

Trojan.Adw.Installer.InnovativeApps.I

2013.8.3.17

Dr.Web

Adware.Downware.1054

9.0.1.0215

ESET NOD32

Win32/Packed.ScrambleWrapper

7.8717

Reason Heuristics

PUP.Installer.InnovativeApps.I

14.8.7.17

Sophos

AppRider

4.91

Trend Micro House Call

TROJ_GEN.F47V0405

7.2.215

VIPRE Antivirus

GamePlayLabs

20774

File size:

3.2 MB (3,316,144 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\dealboat.exe

Digital Signature

Signed by:

Innovative Apps

Authority:

Thawte, Inc.

Valid from:

1/8/2013 4:00:00 PM

Valid to:

1/9/2014 3:59:59 PM

Subject:

CN=Innovative Apps, O=Innovative Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5419E32FDAD7A6E5666A35066C5EAAC5

File PE Metadata

Compilation timestamp:

1/5/2010 4:09:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

98304:pn2cZSuxFCPFSNzJxL1lIYsFbDk699xPY:p2wS39SNJp1yY6n995Y

Entry address:

0x4044

Code size:

33 KB (33,792 bytes)

The file dealboat.exe has been seen being distributed by the following URL.

http://deal-boat.com/DealBoat.exe

Remove dealboat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.