Adware.DealPly.AS
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 12,587 |
|---|---|
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 53 |
| First Seen: | July 27, 2024 |
| Last Seen: | March 1, 2026 |
| OS(es) Affected: | Windows |
Analysis Report
General information
| Family Name: | Adware.DealPly.AS |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has been packed
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.

| Name | Value |
|---|---|
| Company Name | |
| File Description | |
| File Version | |
| Internal Name | |
| Legal Copyright | |
| Legal Trademarks | |
| Original Filename | |
| Product Name | |
| Product Version | |
File Traits
- 2+ executable sections
- HighEntropy
- No Version Info
- packed
- upx
- UPX!
- VirtualQueryEx
- x86
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 2,671 |
|---|---|
| Potentially Malicious Blocks: | 3 |
| Whitelisted Blocks: | 2,665 |
| Unknown Blocks: | 3 |
Visual Map
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.

- Agent.DSS
- Babar.AI
- Banker.AM
- Banker.GF
- Banker.RF
- Banload.XG
- Casbaneiro.A
- Danabot.DI
- DealPly.AS
- DealPly.ASB
- DealPly.GB
- Delf.OD
- Delf.ODB
- Filecoder.RR
- Gamehack.BSB
- Installmonstr.EC
- Lamer.B
- MSIL.Agent.FG
- MyDoom.A
- Ropalidia.D
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| User Data Access | |
| Anti Debug | |