DealRunner.exe

DealRunner

Shop to Win, LLC

The application DealRunner.exe by Shop to Win has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
Jackpot Rewards (signed by Shop to Win, LLC)

Product:
DealRunner

Version:
1, 0, 5, 0

MD5:
e4cda2dd287c12bde6a4705e8b3d0640

SHA-1:
b6fc641d989592f3864a5208602854c371955617

SHA-256:
06ae6c97bf8d5a8d8ca3877713ca06742e40ad7792f9094a764a0bbe219f102a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/4/2024 11:44:04 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Shop To Win.ShoptoWin (M)

Engine version:
15.12.9.10

File size:
1.8 MB (1,920,600 bytes)

Product version:
1, 0, 5, 0

Copyright:
(c) 2010 Jackpot Rewards

Original file name:
DealRunner.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\dealrunner\dealrunner.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/29/2010 7:00:00 PM

Valid to:
8/11/2011 6:59:59 PM

Subject:
CN="Shop to Win, LLC", O="Shop to Win, LLC", L=Waltham, S=Massachusetts, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5253D8B27EE6565A3278897F87D5319B

File PE Metadata
Compilation timestamp:
11/19/2010 6:03:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:YSUyGLiMurxu5n86l9e+sTrjdbaQauy8aB023D5:lL89nU+68QY3hF

Entry address:
0x9C00B

Entry point:
E9, 30, 4E, 0C, 00, E9, 5B, 2A, 01, 00, E9, 96, B8, 02, 00, E9, 41, AA, 01, 00, E9, DC, FB, 0D, 00, E9, 47, 20, 07, 00, E9, B2, DA, 05, 00, E9, 1D, 76, 02, 00, E9, 88, 4E, 0D, 00, E9, 03, 82, 0D, 00, E9, CE, EF, 05, 00, E9, 29, 0F, 01, 00, E9, 34, 8E, 0D, 00, E9, 8F, 26, 0C, 00, E9, 8A, A1, 0C, 00, E9, 25, 48, 05, 00, E9, A0, 76, 11, 00, E9, D9, DF, 0A, 00, E9, 86, D3, 04, 00, E9, 81, 59, 03, 00, E9, DC, DE, 00, 00, E9, 17, D7, 0A, 00, E9, 92, EA, 05, 00, E9, AD, 95, 02, 00, E9, A8, 4A, 02, 00, E9, C3, 41...
 

Entropy:
5.8272

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
1.2 MB (1,282,048 bytes)
