home

savepathdeals.dll

Savepath Deals

The module savepathdeals.dll by Savepath Deals has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Savepath Deals’. This file is typically installed with the program Savepath Deals which is a potentially unwanted software program.
Publisher:
Savepath Deals  (signed and verified)

Product:
Savepath Deals

Version:
1.0.0.1

MD5:
cd0c304591dfcac1404de1db6d05d187

SHA-1:
fdb17f78cf5059c5ba6ba8cf705750e8b832adb7

SHA-256:
0459c056bbe822165824628ff4ec5f041d950a5491a86904fe00f20e449fb1c7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/20/2024 1:35:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SavepathDeals.N
14.9.18.18

File size:
1.8 MB (1,877,272 bytes)

Product version:
1.0.0.1

Copyright:
Savepath Deals

Original file name:
couponsapp.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\savepath deals\savepathdeals.dll

Digital Signature
Signed by:
Savepath Deals

Authority:
COMODO CA Limited

Valid from:
5/16/2013 7:00:00 PM

Valid to:
5/17/2014 6:59:59 PM

Subject:
CN=Savepath Deals, O=Savepath Deals, STREET=2526 W Macarthur blvd, STREET=UNIT G, L=Santa Ana, S=CA, PostalCode=92704, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0080BC518A6FEE7C80D4DA50F0F5EEB4DA

File PE Metadata
Compilation timestamp:
7/31/2013 9:04:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:E80c4Gf71hVRVrjuCCYa+V6PjR6xqZnE7mKYFi5dpRhJaPz4xlbe1VAA8BVCFpK:EPo7dRVmCCYa+V6PjR42nE7mApRhJacZ

Entry address:
0x10EE37

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A7, BB, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A0, 61, 18, 10, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24...
 
[+]

Entropy:
6.6145

Code size:
1.2 MB (1,277,952 bytes)

Internet Explorer BHO
Display name:
Savepath Deals

CLSID:
{F66C7EC4-63CC-4452-A8C9-5A2E898F8EFF}


The file savepathdeals.dll has been discovered within the following program.

Savepath Deals  by Savepath Deals
Publisher's description - “Download and install our small browser add-on to get started. Don't worry our app is free and only shows minimal ads that won't get in the way. If you want to remove our app at anytime you can uninstall it.”
www.savepathdeals.com
64% remove it
 
Powered by Should I Remove It?

Remove savepathdeals.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.