DomaIQ10.exe

DomaIQ10

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers, which are not the same as the originals distributed by the author. The application DomaIQ10.exe by TUGUU SL has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Microsoft (signed by TUGUU SL)

Product:
DomaIQ10

Version:
1.0.0.0

MD5:
31f5f684259740b397d5f067b4daa79d

SHA-1:
d3433721734d2a368a60623c85673271d510b5cf

SHA-256:
86ca08ddea4600806c1b3ec1dfe03fba7a69b96ac85806fea2b40eff9f82f087

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 10:15:10 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.10052059 | 1022 |
| avast! | Win32:DomaIQ-T [PUP] | 2014.9-140418 |
| Bitdefender | Trojan.Generic.10052059 | 1.0.20.540 |
| Bkav FE | W32.Clod1f0.Trojan | 1.3.0.4613 |
| Dr.Web | Tool.DownLoader.44 | 9.0.1.0108 |
| ESET NOD32 | Win32/DomaIQ (variant) | 8.9157 |
| F-Secure | Trojan.Generic.10052059 | 11.2014-18-04_6 |
| G Data | Trojan.Generic.10052059 | 14.4.22 |
| IKARUS anti.virus | AdWare.Win32.DomaIQ | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.174.10609 |
| MicroWorld eScan | Trojan.Generic.10052059 | 15.0.0.324 |
| Panda Antivirus | Adware/MultiToolbar | 14.04.18.11 |
| Reason Heuristics | PUP.TUGUUSL.I | 14.8.7.18 |
| Sophos | DomainIQ pay-per install | 4.95 |
| Trend Micro House Call | TROJ_GEN.R0CBH0AIH13 | 7.2.108 |
| VIPRE Antivirus | DomaIQ | 24238 |

File size:
183.9 KB (188,280 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2011

Original file name:
DomaIQ10.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\installer_for_minecraft_028298\domaiq10.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2012 11:02:02 AM

Valid to:
5/3/2013 11:02:02 AM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
079402776DB199

File PE Metadata
Compilation timestamp:
8/1/2012 1:14:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
3072:J0Ddqa46nhKiWmP7ckqur/WiWWWt5nNtt+5/Vkn9dRIqIQNUPVv/41cg+335jwDM:J0D546nhKiWmP7ckqur/WiWWWt5nNttK

Entry address:
0x2CF1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5384

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
172 KB (176,128 bytes)
