» dealplyxrd.exe
Overview
Analysis
File Details
Programs (1)

dealplyxrd.exe

DealPly

DealPly Technologies Ltd

The application dealplyxrd.exe, “DealPly Installer” by DealPly Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. This file is typically installed with the program DealPly by DealPly Technologies Ltd which is a potentially unwanted software program.

File name:

dealplyxrd.exe

Publisher:

DealPly Technologies Ltd. (signed by DealPly Technologies Ltd)

Product:

DealPly

Description:

DealPly Installer

Version:

1.18.149.149

MD5:

822174f1df44c0e76c40d2bc4faf5e80

SHA-1:

81544a18d583d9cdc783346773966433bd4d221a

SHA-256:

a9b8a6ccf00e051521ecc06955ce6dc839374b497885ec0f4175503e85f20201

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/11/2024 2:11:39 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.DealPly.Installer (M)

16.1.14.20

File size:

1.8 MB (1,898,360 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\Program Files\dealply\dealplyxrd.exe

Digital Signature

Signed by:

DealPly Technologies Ltd

Authority:

COMODO CA Limited

Valid from:

7/6/2011 9:00:00 PM

Valid to:

7/6/2012 8:59:59 PM

Subject:

CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:

CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6238E7E75D4E913EACA7A1A3F81BCC27

File PE Metadata

Compilation timestamp:

1/5/2010 10:09:32 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

49152:Shc8rqcnB6v5fTZyCvaJP72cqg4ZW7qwHeKAZ45:dKbO5fT4CyJP7VaOfHeK4E

Entry address:

0x4044

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D... 
[+]

Code size:

33 KB (33,792 bytes)

The file dealplyxrd.exe has been discovered within the following program.

DealPly by DealPly Technologies Ltd

DealPly installs a web browser extension such as an Internet Explorer Browser Helper Object (BHO) to view web pages loaded and look for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.

www.dealply.com

72% remove it

Remove dealplyxrd.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.