dealkeeper.browseradapter.exe

Deal Keeper

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. dealkeeper.browseradapter.exe, published by Deal Keeper, has been detected as adware by 21 of the 68 anti-malware scanners listed below. It plugs into the web browser and displays context-based advertisements, either overwriting ads already present on a page or inserting new ones. While running, it connects to ny1wv3280.xglobe.net (204.145.82.20) on TCP port 80 over plain HTTP.
Publisher:
Deal Keeper  (signed and verified)

MD5:
2a468dd5a6382fbf3183de442da89c97

SHA-1:
187dbfe543e13f5435dcf92166b2544097535ade

SHA-256:
171ed4eaa04b5f0ea95b035d373e718f2097c031ea1aa5db74ed25905c7e04a7

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 12:05:11 PM UTC

Scan engine             Detection                               Engine version
Lavasoft Ad-Aware       Adware.MPlug.Q                          884
AhnLab V3 Security      Adware/Win32.SwiftBrowse                2014.09.04
Avira AntiVirus         APPL/BrowseFox.Gen                      7.11.170.174
AVG                     Generic                                 2015.0.3362
Baidu Antivirus         Adware.Win32.BrowseFox                  4.0.3.1493
Bitdefender             Adware.MPlug.Q                          1.0.20.1230
Comodo Security         Application.Win32.BrowseFox.JK          19411
Emsisoft Anti-Malware   Adware.MPlug.Q                          9.0.0.4324
ESET NOD32              Win32/BrowseFox                         8.10360
F-Secure                Adware.MPlug.Q                          11.2014-03-09_4
G Data                  Adware.MPlug                            14.9.24
IKARUS anti.virus       PUA.BrowseFox                           t3scan.1.7.5.0
Kaspersky               not-a-virus:HEUR:AdWare.Win32.Kranet    15.0.0.463
McAfee                  PUP-FOP                                 5600.7018
MicroWorld eScan        Adware.MPlug.Q                          15.0.0.738
NANO AntiVirus          Riskware.Win32.Kranet.dekhzh            0.28.2.61942
nProtect                Adware.MPlug.Q                          14.09.03.01
Qihoo 360 Security      Win32/Virus.Adware.639                  1.0.0.1015
Reason Heuristics       PUP.DealKeeper.Y                        14.9.3.13
VIPRE Antivirus         Threat.4741131                          32210
Zillya! Antivirus       Adware.Kranet.Win32.133                 2.0.0.1911

File size:
96.2 KB (98,552 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\deal keeper\bin\dealkeeper.browseradapter.exe

Digital Signature
Signed by:
Deal Keeper
Authority:
VeriSign, Inc.

Valid from:
7/22/2014 2:00:00 AM

Valid to:
5/13/2015 1:59:59 AM

Subject:
CN=Deal Keeper, O=Deal Keeper, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2D5A91A625D274EE29AFF6E5DC4A33AC

File PE Metadata
Compilation timestamp:
9/3/2014 5:00:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:hUpNCMA9q5bNldh7Mx6BTKUhSkWnzBdelS4:hUpNCLg5bNB7MgF+dkS

Entry address:
0x3665

Entry point:
E8, C5, 21, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, F3, 05, 00, 00, 3B, 0D, 70, 50, 41, 00, 75, 02, F3, C3, E9, 41, 22, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 44, 23, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, 8A, 07, 00, 00, 59, 85, C0, 74, E6, C9, C3, F6, 05, D8, 63, 41, 00, 01, BF, CC, 63, 41, 00, BE, 10, 12, 41, 00, 75, 2C, 83, 0D, D8, 63, 41, 00, 01, 6A, 01, 8D, 45, FC, 50, 8B, CF, C7, 45, FC, 18, 12, 41, 00, E8, 2C, 00, 00, 00, 68, 4E, 03, 41, 00, 89, 35, CC...

Code size:
61 KB (62,464 bytes)
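The PE metadata fields above (entry address, compilation timestamp, OS version, linker version, subsystem, code size) all come from the PE headers, and the entry-point bytes are read at the file offset the section table maps the entry RVA to. The following is an added example, not code from the page or from the Deal Keeper software, showing how to read those fields with only the standard library and check a sample against the listed entry address and first 16 entry-point bytes. It assumes the listed timestamp is in UTC, that "OS version" is the optional header's MajorOperatingSystemVersion/Minor pair, and it exercises the parser on a constructed minimal PE32 that carries the listed values; that constructed file is not the real binary.

```python
import struct
from datetime import datetime, timezone

# Values copied from the listing above; the timestamp is assumed to be shown in UTC.
LISTED_ENTRY_RVA = 0x3665
LISTED_ENTRY_BYTES = bytes.fromhex("E8C5210000E989FEFFFF8BFF558BEC5D")  # first 16 entry-point bytes
LISTED_TIMESTAMP = datetime(2014, 9, 3, 5, 0, 48, tzinfo=timezone.utc)
LISTED_CODE_SIZE = 62464

SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def parse_pe(data: bytes) -> dict:
    """Read the PE32 header fields that the listing reports (no third-party parser)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsections, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion/Minor
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    sec = opt + opt_size
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_ptr, raw_size))
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(tstamp, tz=timezone.utc),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": size_of_code,
        "entry_rva": entry_rva,
        "sections": sections,
    }


def rva_to_offset(rva: int, sections) -> int:
    """Map an RVA to a file offset via the section table (the entry address is an RVA, not a file offset)."""
    for _name, va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def entry_bytes(data: bytes, n: int = 16) -> bytes:
    info = parse_pe(data)
    off = rva_to_offset(info["entry_rva"], info["sections"])
    return data[off:off + n]


def matches_listing(data: bytes) -> bool:
    """True when the sample's entry RVA and entry-point bytes agree with the listing."""
    info = parse_pe(data)
    return (info["entry_rva"] == LISTED_ENTRY_RVA
            and entry_bytes(data, len(LISTED_ENTRY_BYTES)) == LISTED_ENTRY_BYTES)


def build_constructed_pe() -> bytes:
    """Constructed minimal PE32 carrying the listed header values. NOT the real sample;
    it only exists so the parser can be exercised offline."""
    pe_off, opt_size = 0x80, 0xE0
    sec_rva, sec_raw, sec_size = 0x1000, 0x400, 0x3000
    buf = bytearray(sec_raw + sec_size)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, pe_off)
    buf[pe_off:pe_off + 4] = b"PE\0\0"
    ts = int(LISTED_TIMESTAMP.timestamp())
    struct.pack_into("<HHIIIHH", buf, pe_off + 4, 0x14C, 1, ts, 0, 0, opt_size, 0x0102)  # i386, 1 section
    opt = pe_off + 24
    struct.pack_into("<HBBI", buf, opt, 0x10B, 10, 0, LISTED_CODE_SIZE)   # PE32, linker 10.0
    struct.pack_into("<I", buf, opt + 16, LISTED_ENTRY_RVA)
    struct.pack_into("<HH", buf, opt + 40, 5, 1)                          # OS version 5.1
    struct.pack_into("<H", buf, opt + 68, 2)                               # Windows GUI
    struct.pack_into("<8sIIII", buf, opt + opt_size, b".text", sec_size, sec_rva, sec_size, sec_raw)
    off = sec_raw + (LISTED_ENTRY_RVA - sec_rva)
    buf[off:off + len(LISTED_ENTRY_BYTES)] = LISTED_ENTRY_BYTES
    return bytes(buf)


if __name__ == "__main__":
    sample = build_constructed_pe()
    print(parse_pe(sample))
    print(matches_listing(sample))
```

To run it against a real file, replace build_constructed_pe() with the bytes read from disk; a PE32+ (64-bit) sample is rejected on purpose because its optional header layout differs.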

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)
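The hashes, file size and network indicator above are what an analyst would turn into a hunt. The following is an added example, not code from the page or from the Deal Keeper software: it checks a file's MD5/SHA-1/SHA-256 and size against the listing (all three digests must agree; partial agreement is flagged for a second look) and scans proxy log lines for the listed host and IP:port. The log line format is constructed for the example and is not any product's real format, the sample log lines are constructed, and flagging other hosts under xglobe.net as "related-domain" is an analyst pivot choice, not something the listing states.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the listing above
LISTED_HASHES = {
    "md5": "2a468dd5a6382fbf3183de442da89c97",
    "sha1": "187dbfe543e13f5435dcf92166b2544097535ade",
    "sha256": "171ed4eaa04b5f0ea95b035d373e718f2097c031ea1aa5db74ed25905c7e04a7",
}
LISTED_SIZE = 98552
IOC_HOST = "ny1wv3280.xglobe.net"
IOC_IP = "204.145.82.20"
IOC_PORT = 80
IOC_PARENT_DOMAIN = IOC_HOST.split(".", 1)[1]   # "xglobe.net", used only as a pivot (analyst choice)


def digest_bytes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in LISTED_HASHES}


def check_sample(data: bytes) -> dict:
    """Compare a file's digests and size with the listing. All three digests must agree;
    partial agreement means a transcription error or a collision and needs a second look."""
    digests = digest_bytes(data)
    matches = {name: digests[name] == LISTED_HASHES[name] for name in LISTED_HASHES}
    if all(matches.values()):
        verdict = "identical"
    elif any(matches.values()):
        verdict = "inconsistent"
    else:
        verdict = "no match"
    return {"digests": digests, "size_matches": len(data) == LISTED_SIZE,
            "matches": matches, "verdict": verdict}


def hunt_proxy_log(lines) -> list:
    """Flag proxy log lines that touch the listed host or IP:port.
    Assumed line format (constructed for this example): '<ts> <client_ip> <method> <url> <dst_ip>:<dst_port>'."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                                    # skip malformed lines rather than crash
        ts, client, _method, url, dst = parts
        dst_ip, _, dst_port = dst.rpartition(":")
        host = (urlsplit(url).hostname or "").lower()   # CONNECT lines carry no scheme, so hostname is None
        reasons = []
        if host == IOC_HOST:
            reasons.append("host")
        elif host.endswith("." + IOC_PARENT_DOMAIN):
            reasons.append("related-domain")
        if dst_ip == IOC_IP and dst_port == str(IOC_PORT):
            reasons.append("ip:port")
        if reasons:
            hits.append({"ts": ts, "client": client, "host": host, "dst": dst, "reasons": reasons})
    return hits


# Constructed sample log: the first, third and fourth lines involve the indicators, the second does not.
SAMPLE_LOG = [
    "2014-09-05T10:12:01Z 10.0.0.15 GET http://ny1wv3280.xglobe.net/ 204.145.82.20:80",
    "2014-09-05T10:12:03Z 10.0.0.15 GET http://www.example.com/index.html 93.184.216.34:80",
    "2014-09-05T10:13:44Z 10.0.0.22 GET http://cdn.xglobe.net/js/ad.js 198.51.100.7:80",
    "2014-09-05T10:14:10Z 10.0.0.31 CONNECT 204.145.82.20:80 204.145.82.20:80",
]

if __name__ == "__main__":
    for hit in hunt_proxy_log(SAMPLE_LOG):
        print(hit)
    print(check_sample(b"")["verdict"])
```

Matching on the IP as well as the hostname matters because the host name can be changed cheaply while the listed address stays in older logs; conversely, the IP alone is weak evidence once the address is reassigned, which is why each hit records the reasons it fired.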

Remove dealkeeper.browseradapter.exe - Powered by Reason Core Security