pricefountainw.exe

Price Fountain

The application pricefountainw.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. It is set to start automatically when a user logs into Windows, via the current user Run registry key, under the display name ‘pricefountainw.exe’. This file is typically installed with the program PriceFountain (remove only) by DealPly Technologies Ltd., which is a potentially unwanted software program.
Publisher:
Price Fountain

Product:
Price Fountain

Version:
1.0.3.7

MD5:
a7193c28ccd1545fb63fed56ca9143ca

SHA-1:
fe85e3662908f81351d71904010643bea1cf5096

SHA-256:
a9580e5a3454c21774bb857b77eefa321f52434cb7219f1f7b780b29d4a47224

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 3:14:43 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.162003 | 813 |
| AegisLab AV Signature | Troj.NSIS.GoogUpdate | 2.1.4+ |
| Avira AntiVirus | TR/Graftor.1257472.2 | 7.11.183.142 |
| Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.141024 |
| Bitdefender | Gen:Variant.Graftor.162003 | 1.0.20.1585 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.162003 | 8.14.11.13.10 |
| ESET NOD32 | Win32/DealPly (variant) | 8.10605 |
| Fortinet FortiGate | Adware/DealPly | 11/13/2014 |
| F-Secure | Gen:Variant.Graftor.162003 | 11.2014-13-11_5 |
| G Data | Gen:Variant.Graftor.162003 | 14.11.24 |
| K7 AntiVirus | Trojan | 13.185.13930 |
| Kaspersky | not-a-virus:AdWare.Win32.DealPly | 14.0.0.3055 |
| McAfee | Artemis!A7193C28CCD1 | 5600.6968 |
| NANO AntiVirus | Riskware.Win32.DealPly.dhzfzo | 0.28.6.62995 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.11.13.22 |
| Sophos | Generic PUA PO | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H09K314 | 7.2.317 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34578 |
| Zillya! Antivirus | Adware.DealPly.Win32.61 | 2.0.0.1976 |

File size:
1.2 MB (1,257,472 bytes)

Product version:
1.0.3.7

Copyright:
Copyright (C) 2014

Original file name:
pricefountainw.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\pricefountain\pricefountainw.exe

File PE Metadata
Compilation timestamp:
10/20/2014 4:22:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:sB2QztLWhTin7+JgiRoyeIYAwwt0j1Z4nJQwnx:S2AtLWeQpoyeOr0jX4nJQwnx

Entry address:
0xB74D6

Entry point:
E8, B1, F8, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 18, 0B, 53, 00, 8B, 4D, 08, 23, 4D, 0C, F7, D2, 23, D0, 0B, D1, 89, 15, 18, 0B, 53, 00, 5D, C3, E8, BF, 06, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 76, 07, 00, 00, 59, F6, 05, 18, 0B, 53, 00, 02, 74, 21, 6A, 17, E8, 82, C9, 01, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, C3, 9E, 00, 00, 83, C4, 0C, 6A, 03, E8, 9B, 35, 00, 00, CC, 55, 8B, EC, 83, EC, 10, A1, 20, 0B, 53, 00, 33, C5, 89, 45, FC, 53, 56, 57, 8B...
 
Entropy:
6.3265

Code size:
950.5 KB (973,312 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
pricefountainw.exe

Command:
C:\users\{user}\appdata\local\pricefountain\pricefountainw.exe hkey_current_user software\pricefountain


The file pricefountainw.exe has been discovered within the following program.

PriceFountain (remove only)  by DealPly Technologies Ltd.
Price Fountain (SaveSense) is an adware extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
www.pricefountain.com
76% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-83-203-166.compute-1.amazonaws.com  (54.83.203.166:80)
