Quick analysis note about DealPly (Adware)

Overview

Some information about DealPly can be found here:

• DealPly adware abuses Microsoft, McAfee services to evade detection
• Adware.DealPly

The post focuses on the following main sections:

• Unpack wrapper/loader to get main Dll payload.
• Decrypt C2url and strings are used in the malware code.

Sample:

SHA-256: 40584f79d109a18b1c4ea7e75a945324978652b6afcc9efbe62241717f0b4685

(more…)