updateproductdeals.exe

Product Deals

Part of the Yontoo web browser plugin (which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc.), the updater mechanism for Product Deals automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updateproductdeals.exe by Product Deals has been detected as adware by 11 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Util Product Deals”. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Product Deals  (signed and verified)

Version:
1.0.5650.11642

MD5:
264bd98c4dc2780ecd894ef26de5f0bf

SHA-1:
4f4a0c4ac518e6ad98fcfa3b006be7079d2d4811

SHA-256:
dd61e1b319e5c8d7d11498de14154c49434c5113865abea2cc0e49165583cc0d

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
5/10/2024 4:28:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.06.22 |
| Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 8.3.1.6 |
| AVG | BrowseFox | 2016.0.3066 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.15626 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Yontoo.1949 | 9.0.1.0177 |
| ESET NOD32 | MSIL/BrowseFox.G potentially unwanted (variant) | 9.11820 |
| K7 AntiVirus | Adware | 13.205.16309 |
| Malwarebytes | PUP.Optional.ProductDeals.A | v2015.06.26.06 |
| NANO AntiVirus | Riskware.Win32.BPlug.djpkri | 0.30.24.2086 |
| Reason Heuristics | PUP.Yontoo.ProductDeals (M) | 15.6.26.14 |

File size:
460.7 KB (471,800 bytes)

Product version:
1.0.5650.11642

Original file name:
ProductDeals2015062114.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\product deals\updateproductdeals.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/9/2015 9:00:00 PM

Valid to:
3/9/2016 8:59:59 PM

Subject:
CN=Product Deals, O=Product Deals, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08DB250BF6350B54DDDEF1061C8BCE6D

File PE Metadata
Compilation timestamp:
6/26/2015 11:29:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:wi4n5OhOtlCXAqKHBHrWc61hIxvYR/tHaLwZlRYEA52gGQxf3R193rNGtXHEyb:t4LBRhLW4VYVt1G2gGQzhIP

Entry address:
0x6F97E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
438.5 KB (449,024 bytes)

Service
Display name:
Util Product Deals

Type:
Win32OwnProcess

