DomaIQ.exe

Tuguu S.L.U

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application DomaIQ.exe has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer, but the file is not signed with an Authenticode signature from a trusted source. It is also typically executed from the user's temporary directory.

Publisher:
Tuguu S.L.U

Description:
DomaIQ2.3

Version:
1.0.1.3

MD5:
1503d14978e337fe81acdd11315e86b9

SHA-1:
ad9f1844c694bc07c18a489ca04b6a08d56f877c

SHA-256:
728a09ca6b2ac84ff3ccb387343b19aace32aa7e45ef5ff9a44bb6ec2c07f0e0

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/19/2024 5:42:38 AM UTC

Scan engine              Detection                    Engine version
Agnitum Outpost          PUA.DomaIQ                   7.1.1
Avira AntiVirus          APPL/DomaIQ.Gen              7.11.148.114
Baidu Antivirus          Trojan.Win32.DomaIQ          4.0.3.14728
Comodo Security          UnclassifiedMalware          18239
Dr.Web                   Adware.W3i.20                9.0.1.0209
ESET NOD32               Win32/DomaIQ.AI (variant)    8.9774
IKARUS anti.virus        APPL                         t3scan.1.6.1.0
K7 AntiVirus             Trojan                       13.177.12026
Malwarebytes             Adware.DomaIQ                v2014.07.28.02
McAfee                   Artemis!1503D14978E3         5600.7056
NANO AntiVirus           Trojan.Win32.W3i.csnyjr      0.28.0.59608
Norman                   Obfuscated.gen!r             11.20140728
Reason Heuristics        PUP.TuguuSLU.G               14.7.28.2
Sophos                   DomainIQ pay-per install     4.98
Trend Micro House Call   ADW_DOMA                     7.2.209
Trend Micro              ADW_DOMA                     10.465.28
Vba32 AntiVirus          TScope.Trojan.MSIL           3.12.26.0
VIPRE Antivirus          Adware.Win32.DomaIQ.a        28998

File size:
340.5 KB (348,672 bytes)

Product version:
1.0.1.3

Original file name:
DomaIQ.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\flashplayer_151\domaiq.exe

File PE Metadata

Compilation timestamp:
3/15/2013 8:28:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:hQyztWlPUcQL78dSH0JfZonsMbyvPkbj4tqWEBUVaNaHqot3Bamnra1WNZ16i:hQGtWlPUcQL78dSUfZonsVUbj4TpMNi3

Entry address:
0x508AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
Entropy:
6.7925

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
314.5 KB (322,048 bytes)

Remove DomaIQ.exe - Powered by Reason Core Security