Adware.DealPly.ASB
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Popularity Rank: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Popularity Rank: | 15,060 |
| Threat Level: | 20 % (Normal) |
| Infected Computers: | 59 |
| First Seen: | July 27, 2024 |
| Last Seen: | April 18, 2026 |
| OS(es) Affected: | Windows |
Table of Contents
Analysis Report
General information
| Family Name: | Adware.DealPly.ASB |
|---|---|
| Signature status: | No Signature |
Known Samples
Known Samples
This section lists other file samples believed to be associated with this family.|
MD5:
91aec90e97c15a2f0216f773ff074226
SHA1:
6a4a89d6ef5dca8c761aae7a5ce615feff222855
File Size:
628.22 KB, 628224 bytes
|
|
MD5:
bba6227cc38ab2618f6b1d071c0acc00
SHA1:
f75ffed70e3ebf3ad57fd65fa5c8557ec40dcfc9
SHA256:
D21E9028E652E2744933A210D19D5EC96493F6FEC71EAAF00034761A1BABDADB
File Size:
2.38 MB, 2383872 bytes
|
|
MD5:
de0e9a4878285cef382dd19e110c7cee
SHA1:
9f0efb85f24bdc6dd4371a8fae1fc2c97e7f19ad
SHA256:
21C83E6852C6BEB25052343D2A832941BEFF4B7EC8AB1AA4C9BC29F5870FED90
File Size:
1.00 MB, 1000448 bytes
|
|
MD5:
5df1bb83f43ab51496152abdc84f7e38
SHA1:
243baa8bfaae9b410ecfda133b318ebb67c33c72
SHA256:
7367D9E18EFDEEF030A0855E2DF6770034A1063320916047F4F13BAE2EE0D92F
File Size:
917.50 KB, 917504 bytes
|
|
MD5:
363b846926b978eda3df96a90ea67187
SHA1:
cc73b6e6c501f6917e9b8478584836d0431239bc
SHA256:
290EF26CBC06EBCBF4F5BF51ACB4EF66EEFE1333963DFCC713AF1DD9EE1A6EFB
File Size:
1.99 MB, 1992704 bytes
|
Show More
|
MD5:
5e92ff80a54a0eefb5997e9e35981005
SHA1:
8f302066297b39d74e49a2c7af10691784136933
SHA256:
68E9231587F50DF978AEF4FC4B4546991BCA33F6EB002F94B925660405AEF11C
File Size:
635.39 KB, 635392 bytes
|
|
MD5:
3b67f49626e33b895e1af10f5c7c4161
SHA1:
4cffe7e44c65736b96e4fd17367062267dd0f541
SHA256:
3A649CCB080DE7241C0BFA05101F93BE0F14181AF06ED52DE011EC9E935468C5
File Size:
2.02 MB, 2024960 bytes
|
|
MD5:
47dcfaa7c02d72b78a24d6e57729eb5d
SHA1:
bb49c5ac35fe64f43e0d2e9487877dd095cef33b
SHA256:
124906606054B0EBDF73F7E0F2E08B09E0ED97A396774BA7EE64C540CD030945
File Size:
645.12 KB, 645120 bytes
|
|
MD5:
b6a108530e4818fcc933f39c70ede99d
SHA1:
2c0abf471f3ef518a837f4a386ff80c3d6a1987d
SHA256:
04F353492E6D3C2EDBA451184B0B03188061EF435E786DA7D5AE0A45DB605C9B
File Size:
2.36 MB, 2358784 bytes
|
|
MD5:
6b004e97e7bf4316a28e79b72de70981
SHA1:
6d7cfd1103e2473d9cbd4a4067cfa46f8e898dce
SHA256:
4B04BF16144EB5606BD28E3D87B5429159B2A2890D59365A15D4B8D3CC4B912E
File Size:
517.12 KB, 517120 bytes
|
|
MD5:
c3f9b0bdba5c2c8450ca3eff740a1261
SHA1:
1afb91a14036157307b28c2c3290167c6c785400
SHA256:
2A6E08914C0783C3B6BEC0A32CF3029D8CEEB827AE6D84F44F7415EB53EFB76C
File Size:
639.49 KB, 639488 bytes
|
|
MD5:
b83d26b856d77cbc1170d4285211bb89
SHA1:
d4ae6ffc00916755543e1c9a4677354f0b6940ed
SHA256:
AB30193F8667E96EA4191A6D24CF33E42C79E0DDE616FAD451377732025C6914
File Size:
502.27 KB, 502272 bytes
|
|
MD5:
517be13a5d9966e8f552b5d6342cf8f0
SHA1:
919bf9fef754454cd72295064c2814a1bdca4916
SHA256:
C4AAC582BBC7722F70312E3C0E119AF357179C76A268EB4E36F651EB29C21C6B
File Size:
514.56 KB, 514560 bytes
|
|
MD5:
7e1869edf095ef2a328fa21e7a0b9c1a
SHA1:
ea88f4e82f57f2b5a14d03effdf204d37706a6db
SHA256:
7A814A3C80A281620C59010FE9A354ED385EC701BB613EA3353ECD77069C781F
File Size:
2.32 MB, 2315264 bytes
|
|
MD5:
7db90476a9c0bea71b0b3294b421f9c4
SHA1:
b35f8f594e78315ce38f735e7e106d2fa2da8baf
SHA256:
889DBC6961F98C8239E23AC27D32B3573BB89123B3FF88CFAF42CDA35B003838
File Size:
2.16 MB, 2162688 bytes
|
|
MD5:
0f123c262a22a8cb9fee0279580c4bc8
SHA1:
a76bba098f2b891721519a3e638b591b83dac08e
SHA256:
D4779D972841F4E8635EA078DE576B1A937A87AE28857868A0A4B2A309A8AD5C
File Size:
990.72 KB, 990720 bytes
|
|
MD5:
9dd27e8f6d4f016c82c6d13c48fcc375
SHA1:
f8f101b5a528b3e7d0667fb8987579150173cce0
SHA256:
A87DC5DE955A969D45012C3D317687E08718B3EF068666BAF793A89841B305B6
File Size:
2.17 MB, 2167296 bytes
|
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have relocations information
- File doesn't have security information
- File has exports table
- File has TLS information
- File is 32-bit executable
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Icons
File Icons
This section displays icon resources found within family samples. Malware often replicates icons commonly associated with legitimate software to mislead users into believing the malware is safe.
Windows PE Version Information
Windows PE Version Information
This section displays values and attributes that have been set in the Windows file version information data structure for samples within this family. To mislead users, malware actors often add fake version information mimicking legitimate software.| Name | Value |
|---|---|
| Company Name |
Show More
|
| File Description |
|
| File Version |
Show More
|
| Internal Name |
Show More
|
| Legal Copyright |
|
| Legal Trademarks |
|
| Original Filename |
Show More
|
| Product Name |
Show More
|
| Product Version |
Show More
|
File Traits
- 2+ executable sections
- No Version Info
- VirtualQueryEx
- x86
Block Information
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.| Total Blocks: | 5,640 |
|---|---|
| Potentially Malicious Blocks: | 6 |
| Whitelisted Blocks: | 5,628 |
| Unknown Blocks: | 6 |
Visual Map
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
...
Data truncated
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft’s analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.- Banker.AM
- Banker.GF
- Banker.RF
- Casbaneiro.A
- DealPly.AS
Show More
- DealPly.ASB
- DealPly.GB
- Delf.FC
- Delf.OD
- Delf.ODB
- Filecoder.PB
- Filecoder.RR
- Gamehack.BSB
- Injector.JDA
- Injector.KPP
- Installmonstr.EC
- Keylogger.DF
- Lamer.B
- Lumma.NB
- MSIL.Agent.FG
- Malat.A
- MyDoom.A
- Ropalidia.D
- Swisyn.B
- Talsab.A
Windows API Usage
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.| Category | API |
|---|---|
| User Data Access |
|
