updatedolphindeals.exe

Dolphin Deals

Part of the Yontoo web browser plugin, which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc. The updater mechanism for Dolphin Deals automatically keeps the extension patched by downloading new functionality, which is automatically enabled by default. The application updatedolphindeals.exe by Dolphin Deals has been detected as adware by 3 anti-malware scanners. It runs as a Windows service named “Update Dolphin Deals”, in its own separate process. This file is typically installed with the program Dolphin Deals by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Dolphin Deals  (signed and verified)

Version:
1.0.5317.25465

MD5:
a209c31473ae2ee23e619f1e4e4e1f20

SHA-1:
36a485e17d416954ade8d04e6c2ecde1c3ae51bd

SHA-256:
8a4f5850b1df8f3467e371a7aa823f24490bab6f27d48961d2b5e30de5638faf

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/28/2024 12:35:56 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/BrowseFox.H potentially unwanted application | 7.0.302.0
Malwarebytes | PUP.Optional.DolphinDeals.A | v2014.07.30.06
Reason Heuristics | PUP.Service.DolphinDeals.S | 14.8.4.14

File size:
314.3 KB (321,832 bytes)

Product version:
1.0.5317.25465

Original file name:
DolphinDeals.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\dolphin deals\updatedolphindeals.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 2:00:00 AM

Valid to:
4/30/2015 1:59:59 AM

Subject:
CN=Dolphin Deals, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Dolphin Deals, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7B2BB0FC5A785F21B05232FFFBC2969A

File PE Metadata
Compilation timestamp:
7/23/2014 5:09:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:qt4Bn8x+IphXFtRkAJy4Q4tTo6kqs7Gmzelpa91cpbzD8Dc:qt4Bs+ILFtfyrpelMYZD8Y

Entry address:
0x4E5BA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
305.5 KB (312,832 bytes)

Service
Display name:
Update Dolphin Deals

Type:
Win32OwnProcess


The file updatedolphindeals.exe has been discovered within the following programs.

Dolphin Deals  by Yontoo Technology, Inc.
Dolphin Deals is an adware web browser extension that displays banner ads as well as contextual link ads. The ads are injected by the web browser plugin (IE, FF and Chrome) and will display on any web site, even those not associated or affiliated with the publisher.
sqeedolphindeals.com/support
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to a209-91-216-40.deploy.akamaitechnologies.com  (209.91.216.40:80)
