PUAAdvertising:Win32/DealPli removal

PUAAdvertising:Win32/DealPli is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in Task Manager. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the trial period.
6-day free trial available.

What can the PUAAdvertising:Win32/DealPli virus do?

  • Behavioural detection: executable code extraction (unpacking)
  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Yara rule detections observed from a process memory dump, dropped files or CAPE
  • Creates RWX memory
  • Guard pages use detected (possible anti-debugging)
  • Dynamic (imported) function loading detected
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Collects and encrypts information about the computer, likely to be sent to a C2 server

How to identify PUAAdvertising:Win32/DealPli?

File Info:

name: 03BFC33685F660B9E11A.mlw
path: /opt/CAPEv2/storage/binaries/d625f3ddc41f2001ca47f8253f6fb42bb0e7e143c26c9d40c96eac1d97a09adf
crc32: E991570F
md5: 03bfc33685f660b9e11af694a3372142
sha1: 34b12e7918fc891a9074b6c990eb175a0a429dd5
sha256: d625f3ddc41f2001ca47f8253f6fb42bb0e7e143c26c9d40c96eac1d97a09adf
sha512: c3b9ee7e8a9e8567cd0e54188e61b742ac40ebaff1918f127276b6edd72f42cf7e298805f76e97068b28d08f7351444d6405b61680de7cf73dc1879982502739
ssdeep: 24576:N7blnbgbRNv+tgSGHoChPw6rmjEA5zJZWB5I6W:N75nbgLmtYH54imjEgJZWQ3
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18125F1867EA177ECD460CA743E2A99F04D3E6F35143655062C487E8BEAFA6F31085723
sha3_384: 07dc28271f97a448a6b136f6fbb03ac7dee05a2ce361ce03146d1f1a0e7f79a03ac8d6292b4181d68a5658946f08577f
ep_bytes: 558bec83c4c453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup.
CompanyName: Still
FileDescription: Bsjk Setup
FileVersion:
LegalCopyright:
ProductName: Bsjk
ProductVersion: 2.09
Translation: 0x0000 0x04b0

PUAAdvertising:Win32/DealPli also known as:

Lionic: Adware.Win32.Generic.2!c
MicroWorld-eScan: Adware.GenericKD.30999124
FireEye: Adware.GenericKD.30999124
McAfee: RDN/Generic PUP.x
Cylance: Unsafe
Sangfor: Adware.Win32.GenericKD.30999124
Alibaba: AdWare:MSIL/CsdiMonetize.db071d1b
Cybereason: malicious.685f66
VirIT: Adware.Win32.Genus.AL
Symantec: Trojan.Gen.MBT
ESET-NOD32: a variant of MSIL/Adware.CsdiMonetize.AN
APEX: Malicious
Kaspersky: not-a-virus:UDS:AdWare.Win32.Generic
BitDefender: Adware.GenericKD.30999124
NANO-Antivirus: Riskware.Win32.CsdiMonetize.fdmfeg
ViRobot: Adware.Csdimonetize.963661
Avast: Win32:Adware-gen [Adw]
Tencent: Msil.Adware.Csdimonetize.Fil
Emsisoft: Adware.GenericKD.30999124 (B)
Comodo: Malware@#1a6pn01xwmii8
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: TROJ_GEN.R002C0DL921
McAfee-GW-Edition: BehavesLike.Win32.AdwareFileTour.dc
Sophos: Generic Reputation PUA (PUA)
SentinelOne: Static AI – Suspicious PE
Jiangmin: Adware.Adload.hhr
Avira: ADWARE/CsdiMonetize.Gen
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: PUAAdvertising:Win32/DealPli
SUPERAntiSpyware: PUP.Amonetize/Variant
ZoneAlarm: not-a-virus:UDS:AdWare.Win32.Generic
GData: Adware.GenericKD.30999124
Cynet: Malicious (score: 99)
AhnLab-V3: Trojan/Win32.Qhost.C2172961
BitDefenderTheta: Gen:NN.ZemsilF.34182.Om0@a8ORoel
ALYac: Adware.GenericKD.30999124
MAX: malware (ai score=98)
VBA32: Trojan.Occamy
Malwarebytes: Adware.Tuto4PC
TrendMicro-HouseCall: TROJ_GEN.R002C0DL921
Rising: Adware.WizzNetwork!1.CDFD (CLASSIC)
Yandex: PUA.Agent!T7cTHoX/9ZI
Ikarus: AdWare.MSIL.Csdimonetize
Fortinet: Adware/Generic
Webroot: W32.Adware.Installcore
AVG: Win32:Adware-gen [Adw]
Panda: Trj/CI.A

How to remove PUAAdvertising:Win32/DealPli?

PUAAdvertising:Win32/DealPli removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Select “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.