00000000

Clovermedia SLU

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file 00000000 by Clovermedia SLU has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Clovermedia SLU  (signed and verified)

MD5:
4fc200bcbe323a377476ca9abc83bfd4

SHA-1:
c01b94407a4c21e86a5bb2b1a6fe511f38b5851d

SHA-256:
85847064b57cbf9d69eeae6a7f2d16707dfd4a85644e75d8675a78a13ac93df8

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 6:32:12 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 6280285
Agnitum Outpost | PUA.Lollipop | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.12.26
Avira AntiVirus | Adware/Lollipop.708544 | 7.11.197.232
AVG | Adware DomaIQ.EZ | 2014.0.4235
Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.1795
Clam AntiVirus | Win.Adware.Domaiq-95 | 0.98/19837
Comodo Security | Application.Win32.DomaIQ.XFR | 20477
Dr.Web | Adware.Downware.4620 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 9.0.0.4668
ESET NOD32 | Win32/DomaIQ.BJ potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Generic.AC.1780384 | 12/25/2014
F-Prot | W32/DomaIQ.C.gen | v6.4.7.1.166
F-Secure | Riskware.Application.Bundler.DomaIQ | 5.13.68
G Data | Application.Bundler.DomaIQ | 14.12.24
IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.8.5.0
Kaspersky | not-a-virus:HEUR:AdWare.MSIL.DomaIQ | 14.0.0.2741
Malwarebytes | PUP.Optional.DomaIQ | v2014.12.25.08
McAfee | Program.CryptDomaIQ | 16.8.708.2
Microsoft Security Essentials | Threat.Undefined | 1.191.886.0
MicroWorld eScan | Application.Bundler.DomaIQ.Q | 15.0.0.1077
NANO AntiVirus | Riskware.Win32.Chgt.dbmeye | 0.30.0.64448
Norman | Application.Bundler.DomaIQ.Q | 04.12.2014 14:30:06
Panda Antivirus | Trj/Genetic.gen | 14.12.25.08
Quick Heal | Adware.DomaIQ.BT5 | 12.14.14.00
Reason Heuristics | PUP.ClovermediaSLU.I | 14.12.25.19
Rising Antivirus | PE:Trojan.Win32.Generic.16FAF730!385546032 | 23.00.65.141223
Sophos | PUA 'DomainIQ pay-per install' | 5.09
Vba32 AntiVirus | TScope.Trojan.MSIL | 3.12.26.3
VIPRE Antivirus | Threat.4783235 | 35418
Zillya! Antivirus | Adware.DomaIQ.Win32.326 | 2.0.0.2016

File size:
692.6 KB (709,264 bytes)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\appdata\local\application data\google\chrome\user data\default\file system\002\t\00\00000000

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/27/2014 10:00:00 PM

Valid to:
2/28/2015 9:59:59 PM

Subject:
CN=Clovermedia SLU, O=Clovermedia SLU, STREET="Aragon 3, D12", L=Adeje, S=Santa Cruz de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009737188425E0819038CFB58398A6812A

File PE Metadata
Compilation timestamp:
6/13/2014 8:19:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:nZMyBuoimq/sAaZrdKp8+9JzLdjzwnEG0SOs6b6jVciJe3d/znCJLi1TrHNbnS/T:ZM8uoO4ZrdKp8+9Jz5/qR

Entry address:
0x2EED

Entry point:
E8, 8D, 3E, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, B0, DD, 41, 00, E8, 09, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 18, 0C, 42, 00, 03, 75, 43, 6A, 04, E8, 8F, 40, 00, 00, 59, 83, 65, FC, 00, 56, E8, B2, 41, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, D3, 41, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 63, 3F, 00, 00, 59, C3, 56, 6A, 00, FF, 35, CC, 08, 42, 00, FF, 15, 64, A0, 41, 00, 85, C0, 75, 16, E8, E0, 09, 00...
 

Code size:
100 KB (102,400 bytes)
