68abefb5ca19bea607689233053f5b92.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application 68abefb5ca19bea607689233053f5b92.exe by Payments Interactive SL has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it also installs potentially unwanted software on the user's computer without adequate consent.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
68abefb5ca19bea607689233053f5b92

SHA-1:
eada75d1a07e88ea648c777484e088185565ef38

SHA-256:
8ef64e59a3e90147efe1b0dd9a524f30cfd7d1056a9f08c95e2426b9fd04816b

Scanner detections:
28 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 9:32:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.DomaIQ.B | 928 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.23 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.163.92 |
| avast! | Win32:DomaIQ-CK [PUP] | 2014.9-140722 |
| AVG | DomaIQ | 2015.0.3406 |
| Baidu Antivirus | Adware.Win32.DomaIQ | 4.0.3.14722 |
| Clam AntiVirus | Win.Adware.Domaiq-2 | 0.98/21411 |
| Comodo Security | UnclassifiedMalware | 18934 |
| Dr.Web | Trojan.Packed.26772 | 9.0.1.0203 |
| Fortinet FortiGate | Adware/MSIL_DomaIQ | 7/22/2014 |
| F-Prot | W32/A-6ce2df67 | v6.4.7.1.166 |
| F-Secure | Application.Bundler.DomaIQ | 11.2014-22-07_3 |
| G Data | Win32.Adware.Silp | 14.7.24 |
| IKARUS anti.virus | AdWare.AdInstaller | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.181.12795 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.07.22.10 |
| McAfee | CryptDomaIQ | 5600.7062 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Tugspay.A | 1.10802 |
| MicroWorld eScan | Application.Bundler.DomaIQ.B | 15.0.0.609 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.czntwv | 0.28.2.60990 |
| nProtect | Trojan-Clicker/W32.Agent.490432 | 14.07.21.01 |
| Quick Heal | Adware.DomaIQ.BT5 | 7.14.14.00 |
| Reason Heuristics | PUP.PaymentsInteractiveSL.a | 14.8.7.23 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16CADF0E!382394126 | 23.00.65.14720 |
| SUPERAntiSpyware | PUP.DomalIQ/Variant | 10468 |
| Trend Micro House Call | TROJ_GEN.F47V0515 | 7.2.203 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31494 |

File size:
478.9 KB (490,432 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/5/2013 3:09:43 PM

Valid to:
12/5/2014 3:09:43 PM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Adeje, S=Santa cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EAD03AB9EAF7D

File PE Metadata
Compilation timestamp:
5/15/2014 11:57:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:0gM+lFy9XBu5gmEBipkz+Jix8NB40poIZ2ix0LzjYfbdBcpv6DYA1:0qFytBu5kiplJiGDIix4zjNpv6v1

Entry address:
0x4E24

Entry point:
E8, 2F, 34, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 58, 03, 43, 00, FF, 15, 6C, D0, 41, 00, 85, C0, 75, 18, 56, E8, 20, 13, 00, 00, 8B, F0, FF, 15, 50, D0, 41, 00, 50, E8, 6B, 13, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, ED, 12, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, 16, 1B, 00, 00, 59, 8B, F8...
 
Code size:
109 KB (111,616 bytes)
