dealspluginrow.exe

Deals Plugin

Awesome Apps

This is the installer for a 50onRed advertising-supported software package, which displays ads in the browser and may hijack the browser's home and search pages. The application dealspluginrow.exe, “Deals Plugin Installer” by Awesome Apps, has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System. It is built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
215 Apps  (signed by Awesome Apps)

Product:
Deals Plugin

Description:
Deals Plugin Installer

Version:
1.24.151.151

MD5:
6607e2b4fdffbec3d192d032aa002805

SHA-1:
44db2691be30043eb35dbf7059530b02c0f3a224

SHA-256:
980632376b7173bb20f2a44faacd510247c89a8576afcceb48d980012ea3f0c4

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/24/2024 6:45:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Crossrider-C [PUP] | 2014.9-141031 |
| AVG | MalSign.Skodna | 2015.0.3305 |
| Bkav FE | HW32.CDB | 1.3.0.4246 |
| Comodo Security | Heur.Suspicious | 16986 |
| Dr.Web | Adware.Plugin.23 | 9.0.1.0304 |
| ESET NOD32 | Win32/Toolbar.CrossRider | 8.8832 |
| Malwarebytes | PUP.Crossrider.DP | v2014.10.31.08 |
| Reason Heuristics | PUP.Installer.AwesomeApps.O | 14.10.31.8 |
| Sophos | Generic PUA EL | 4.93 |
| VIPRE Antivirus | GamePlayLabs | 21742 |

File size:
2.2 MB (2,315,176 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\dealspluginrow.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/29/2012 2:00:00 AM

Valid to:
8/30/2013 1:59:59 AM

Subject:
CN=Awesome Apps, O=Awesome Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3D0C9CCF6A7D44B9FDA1963A424319BA

File PE Metadata
Compilation timestamp:
1/5/2010 1:09:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:dLhemVgfLXGqbfnGr105kFOssSR1AzNRfL1xGkiMzjeMh1o9:xhZiDXGq7w105kosvQzTL1xSGjo9

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 

Code size:
33 KB (33,792 bytes)
