updatedealkeeper.exe

browsebit

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application updatedealkeeper.exe by browsebit has been detected as adware by 4 anti-malware scanners. It runs as a Windows service named “Update Deal Keeper”, within the context of its own separate process. This file is typically installed with the program Deal Keeper by Yontoo Technology, Inc., which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
browsebit  (signed and verified)

Version:
1.0.5416.1860

MD5:
4ba158480d2d23ec92e5279375be594f

SHA-1:
f6770667c5343798e32a8e09e67f0493c4ea4094

SHA-256:
349ad0b5f0efed01422414b04ff866101988219ed436b02788abcf1f3dfe7779

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 1:24:46 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.141030
ESET NOD32 | MSIL/BrowseFox (variant) | 8.10646
Malwarebytes | PUP.Optional.DealKeeper.A | v2014.10.30.08
Reason Heuristics | Adware.Yontoo.Service.Q | 14.11.3.21

File size:
511.3 KB (523,552 bytes)

Product version:
1.0.5416.1860

Original file name:
DealKeeper.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\deal keeper\updatedealkeeper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/14/2013 2:00:00 AM

Valid to:
11/15/2014 1:59:59 AM

Subject:
CN=browsebit, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=browsebit, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B2597DEE46FB360C37EAC0C95446B1B

File PE Metadata
Compilation timestamp:
10/30/2014 11:02:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:k8t2/wGxyYQaNLcBARnmGsxbe+tCgQg3le+aRxOQpodCylm3c/6bd:k8tsvxyMFWPhR4U2OjJlep

Entry address:
0x7F8D6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
502.5 KB (514,560 bytes)

Service
Display name:
Update Deal Keeper

Type:
Win32OwnProcess


The file updatedealkeeper.exe has been discovered within the following program.

Deal Keeper  by Yontoo Technology, Inc.
Deal Keeper is a web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as contextual hyperlinks.
mightydealkeeper.com/support
86% remove it
 
Powered by Should I Remove It?