updatetask.exe

DealPly Technologies Ltd

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product offers (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe by DealPly Technologies has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task named DealPly under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program DealPly by DealPly Technologies Ltd, which is a potentially unwanted software program.

Publisher:
DealPly Technologies Ltd  (signed and verified)

MD5:
534c82f1d7246edf654b5257ca82fe70

SHA-1:
8a0dc627c3f1d4f6c9cd3a263cd10a279f708b80

SHA-256:
fbe35b275676164d6771087fca59aff7ca667647fab1ee466c94ed00aefda455

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
4/19/2024 5:31:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.UpdateProc.DealPly (M)

Engine version:
16.2.3.2

File size:
91.5 KB (93,728 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dealply\updateproc\updatetask.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/14/2012 2:00:00 AM

Valid to:
6/15/2015 1:59:59 AM

Subject:
CN=DealPly Technologies Ltd, O=DealPly Technologies Ltd, STREET=13 Barth St., L=Tel Aviv, S=Israel, PostalCode=69104, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
016DFA78310264827B57EAD4F620C264

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
1536:jefq4wzsX/9mfeFB8gttc+WyqvvlzM4eWwiVFhQvDiGuCq3x7yZ4Omx:pzwVmUlDWxpM4eWwi+v+GuCqhI4Om

Entry address:
0x114E4

Developed / compiled with:
Microsoft Visual C++

Code size:
66 KB (67,584 bytes)

Scheduled Task
Task name:
DealPly

Trigger:
Daily (Runs daily at 05:16)


The file updatetask.exe has been discovered within the following program.

DealPly by DealPly Technologies Ltd
DealPly installs a web browser extension, such as an Internet Explorer Browser Helper Object (BHO), that views the web pages loaded and looks for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.
www.dealply.com
72% remove it
 
Powered by Should I Remove It?