home

dp.exe

DealPly Technologies Ltd

The application dp.exe, “http://www.dealply.com/” by DealPly Technologies has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from istatic.dealply.com.
Publisher:
DealPly  (signed by DealPly Technologies Ltd)

Product:
DealPly

Description:
http://www.dealply.com/

Version:
3.9.0.0

MD5:
0d25be7e94f7610d647e05c9aba2e160

SHA-1:
6fb3757687f726969e9471ac9f91e2e3e70bdff2

SHA-256:
2696068384e199017e1aa1126838c4c2bc068e305289b3257f2a508131e88bd9

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/24/2024 10:54:59 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.DealPly.C
188838

Dr.Web
Adware.Shopper.328
9.0.1.0365

ESET NOD32
Win32/DealPly
7.9237

K7 AntiVirus
Trojan
13.174.10689

Malwarebytes
PUP.Optional.Dealply
v2013.12.31.09

Reason Heuristics
PUP.DealPly.C
14.8.7.17

Rising Antivirus
NS:Malware.Install!1.9F21
23.00.65.14113

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

VIPRE Antivirus
Adware.DealPly
24976

File size:
494.2 KB (506,056 bytes)

Product version:
3.9.0.0

Copyright:
Copyright (C) 2012 DealPly Technologies Ltd.

Trademarks:
[dealplydef:dealplydef] - DealPly is a trademark or registered trademark of DealPly in the U.S. and/or other countries.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dp.exe

Digital Signature
Signed by:
DealPly Technologies Ltd

Authority:
COMODO CA Limited

Valid from:
7/7/2011 2:00:00 AM

Valid to:
7/7/2012 1:59:59 AM

Subject:
CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6238E7E75D4E913EACA7A1A3F81BCC27

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:MDGCc3YljEpp/zUtEe7W0AKM7GAeIGWGNX8nk91PfljEplW4:MKCZwrUuemyvrWGN+k99dU

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file dp.exe has been seen being distributed by the following URL.

http://istatic.dealply.com/.../dp.exe

Remove dp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.