dealio.exe

Dealio Toolbar

Vendio Services, Inc.

The application dealio.exe, “Setup Launcher” by Vendio Services, has been detected as a potentially unwanted program by 4 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This file is typically installed with the program Falling Autumn Leaves Screen Saver by Acez Software LLC.
Publisher:
Vendio Services, Inc.   (signed by Vendio Services, Inc.)

Product:
Dealio Toolbar

Description:
Setup Launcher

Version:
11.0.8

MD5:
2e391c887fccb4d36b5b098fa2218fcd

SHA-1:
962c1f2fde98a22a3f58e5ce0b39681f74c867a4

SHA-256:
587f0c5e434d5f2cc225720f555ebf60e434b51f4984396d1b17e29e1bc8dfd4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 7:42:34 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.Widgi | 8.9089
Malwarebytes | PUP.Dealio.TB | v2014.01.29.09
Rising Antivirus | Trojan.Win32.Generic.127B961E | 23.00.65.14127
Sophos | Dealio Installer | 4.95

File size:
284.9 KB (291,776 bytes)

Product version:
11.0.8

Copyright:
Copyright (C) 2005 Macrovision Corporation

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dealio.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/20/2005 1:00:00 AM

Valid to:
7/21/2006 12:59:59 AM

Subject:
CN="Vendio Services, Inc.", OU=Vendio, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Vendio Services, Inc.", L=San Bruno, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2BAF1E5CED63B13A8526AD700EA467AF

File PE Metadata
Compilation timestamp:
4/14/2005 11:11:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:LjNpb4mYE1RaM0ZMN4nSuJhhDOFpXsGKLu8NVhpYJx/ypg:UmYE1ROZJvhDAtmxjpYJx/ypg

Entry address:
0x1E77C

Entry point:
55, 8B, EC, 6A, FF, 68, F8, 9F, 42, 00, 68, 8C, 27, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 34, 91, 42, 00, 33, D2, 8A, D4, 89, 15, E4, 5D, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, E0, 5D, 43, 00, C1, E1, 08, 03, CA, 89, 0D, DC, 5D, 43, 00, C1, E8, 10, A3, D8, 5D, 43, 00, 6A, 01, E8, 38, 2D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 50, 1F, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
 
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
160 KB (163,840 bytes)

The file dealio.exe has been discovered within the following programs.

AV Video Morpher  by AVSOFT Corp.
About 3% of users remove it
Falling Autumn Leaves Screen Saver  by Acez Software LLC
Publisher's description - “Enjoy the foliage without the hassle of raking. Colorful autumn leaves gather on your desktop with this soothing free screensaver. We conjured up this simple little screensaver for those who love autumn. I admit...”
www.acez.com/autumnleaves.htm
About 4% of users remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 14.d7.24ae.ip4.static.sl-reverse.com  (174.36.215.20:80)
