pricefountain.exe

V2FFXDL

PAVVXA

The application pricefountain.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. It runs as a scheduled task named PFExe under the Windows Task Scheduler, triggered to execute each time a user logs in.

Publisher:
PAVVXA

Product:
V2FFXDL

Version:
1.2.6.6

MD5:
1f0b5b0858b27ee051d9b6d0c306208f

SHA-1:
b65cb9ac1a199af3be4c75638254148f5de135e9

SHA-256:
51563caa12ff18a3f6990bda9154eaae255fe2d8497f684657e63ba329c48f34

Scanner detections:
22 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 7:51:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.645759 | 431 |
| Avira AntiVirus | ADWARE/DealPly.Gen | 8.3.2.4 |
| Arcabit | Trojan.Adware.Kazy.D9DA7F | 1.0.0.627 |
| avast! | Win32:Adware-gen [Adw] | 151028-1 |
| AVG | Adware DealApp.APNO | 2015.0.4460 |
| Baidu Antivirus | PUA.Win32.DealPly | 4.0.3.15121 |
| Bitdefender | Gen:Variant.Adware.Kazy.645759 | 1.0.20.1675 |
| Comodo Security | Application.Win32.DealPly.AC | 23688 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.645759 | 10.0.0.5366 |
| ESET NOD32 | Win32/DealPly.AC potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Kazy | 5.15.21 |
| G Data | Gen:Variant.Adware.Kazy.645759 | 15.12.25 |
| IKARUS anti.virus | PUA.DealPly | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.18014 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Generic | 14.0.0.1038 |
| Malwarebytes | PUP.Optional.DealPly | v2015.12.01.07 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.645759 | 16.0.0.1005 |
| NANO AntiVirus | Riskware.Win32.DealPly.dyhuun | 0.30.26.4751 |
| Norman | Gen:Variant.Adware.Kazy.645759 | 07.10.2015 03:16:12 |
| Panda Antivirus | Trj/GdSda.A | 15.12.01.07 |
| Qihoo 360 Security | QVM10.1.Malware.Gen | 1.0.0.1077 |
| Zillya! Antivirus | Adware.Linkury.Win32.51034 | 2.0.0.2539 |

File size:
613 KB (627,712 bytes)

Product version:
1.2.6.6

Copyright:
Copyright (C) 2014

Original file name:
main.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\pricefountain\pricefountain.exe

File PE Metadata
Compilation timestamp:
11/30/2015 10:05:08 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:59BJ782YX7dptJJgc/UCq0J9ZrnsrlPImuN08SCv6+Q4NIcxT8RN7VI1Yq4eXA:55YNlNJ9tOM0mDQ4N

Entry address:
0x548F8

Entry point:
E8, 47, DA, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 68, 49, 00, 33, C5, 89, 45, FC, 53, 56, 57, 8B, 7D, 0C, F6, 47, 0C, 40, 0F, 85, 36, 01, 00, 00, 57, E8, 1E, 9D, 00, 00, 59, BB, 60, 6B, 49, 00, 83, F8, FF, 74, 2E, 57, E8, 0D, 9D, 00, 00, 59, 83, F8, FE, 74, 22, 57, E8, 01, 9D, 00, 00, 8B, F0, 57, C1, FE, 05, E8, F6, 9C, 00, 00, 83, E0, 1F, 59, C1, E0, 06, 03, 04, B5, A0, B0, 49, 00, 59, EB, 02, 8B, C3, 8A, 40, 24, 24, 7F, 3C, 02, 0F, 84, E8, 00, 00, 00, 57, E8, D0, 9C, 00, 00, 59, 83...
 

Entropy:
6.3853

Code size:
472.5 KB (483,840 bytes)

Scheduled Task
Task name:
PFExe

Trigger:
Logon (Runs on logon)

