About “AdWare.Win32.DealPly.favqy” infection

AdWare.Win32.DealPly.favqy is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the AdWare.Win32.DealPly.favqy virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Presents an Authenticode digital signature
  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine AdWare.Win32.DealPly.favqy?


File Info:

name: E8C5027F323F89D3F1B3.mlw
path: /opt/CAPEv2/storage/binaries/dc7404847ddd56adbacc248ddf3c7eea802bd5bd1f6d53cfc66b642e5938f54d
crc32: 04982FA6
md5: e8c5027f323f89d3f1b325cf51c442e2
sha1: 65370844fd6a120b957e3c6cd8623fa70ec632a9
sha256: dc7404847ddd56adbacc248ddf3c7eea802bd5bd1f6d53cfc66b642e5938f54d
sha512: 51782b1ca84bccbd2f272e7e5cfe7f2b86156f7c29b94df0bfdae7717a7e1049beecdeb9f704828e57cd0644d887cc4bfe861ea907ceb0ffbbb60d6c89e7af79
ssdeep: 98304:MVK1bo3RHFXegmIxwG3PkwTq5sPdJndFUT4cmuPSFuIaAICT0Jihq6s5Zx:uKIHhbwubnIT7fPSFVa6T02q6s5r
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B7463356B7C76472F5744C3088B60684FE1B36282EF152AA6CBCF55EC470AE2593BB13
sha3_384: f9b36c336f88e92ae7b761366411ea3f294d4d659e03f9d83bf395720c77ac9a4c5cb16f6717178b188b8800460e8a58
ep_bytes: 5588c283c4a453565733c08945c48945
timestamp: 2018-06-14 13:27:46

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: MEmu Play
FileDescription: MEmu Play Installer
FileVersion: 1.0.1.1
LegalCopyright: MEmu Play
ProductName: MEMU-Setup
ProductVersion: 1.0.1.1
Translation: 0x0000 0x04b0

AdWare.Win32.DealPly.favqy also known as:

Lionic: Adware.Win32.DealPly.2!c
Elastic: malicious (high confidence)
MicroWorld-eScan: Application.Cerdossa.Gen.1
FireEye: Generic.mg.e8c5027f323f89d3
ALYac: Application.Cerdossa.Gen.1
Sangfor: Adware.Win32.DealPly.favqy
K7AntiVirus: Adware ( 0056a99d1 )
K7GW: Adware ( 0056a99d1 )
Cybereason: malicious.f323f8
Symantec: Trojan.Gen.MBT
ESET-NOD32: Win32/InstallCore.Gen.D potentially unwanted
TrendMicro-HouseCall: TROJ_GEN.R002H0CKR21
Paloalto: generic.ml
Kaspersky: not-a-virus:AdWare.Win32.DealPly.favqy
BitDefender: Application.Cerdossa.Gen.1
NANO-Antivirus: Virus.Win32.Gen.ccmw
Avast: Win32:AdwareSig [Adw]
Sophos: InnoMod (PUA)
VIPRE: Trojan.Win32.Generic!BT
McAfee-GW-Edition: Artemis!PUP
Emsisoft: Application.Cerdossa.Gen.1 (B)
Ikarus: PUA.InstallCore
GData: Application.Cerdossa.Gen.1 (15x)
Avira: HEUR/AGEN.1206212
Antiy-AVL: Trojan/Generic.ASMalwS.30069CA
Arcabit: Application.Cerdossa.Gen.1
Microsoft: PUADlManager:Win32/InstallCore
Cynet: Malicious (score: 100)
AhnLab-V3: PUP/Win32.InstallCore.C3361867
McAfee: Artemis!E8C5027F323F
MAX: malware (ai score=74)
VBA32: TScope.Trojan.Delf
Malwarebytes: Adware.InstallCore
APEX: Malicious
Yandex: PUA.DealPly!YGZAJolT9Cg
SentinelOne: Static AI – Malicious PE
MaxSecure: Adware.not-a-virus.WIN32.AdWare.DealPly.gen_192421
Fortinet: W32/Ulise.9881!tr
Webroot: Adware.Installcore
AVG: Win32:AdwareSig [Adw]
Panda: Trj/CI.A
CrowdStrike: win/malicious_confidence_100% (D)

How to remove AdWare.Win32.DealPly.favqy?

AdWare.Win32.DealPly.favqy removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
