home

flashplayer_transaction_id=102d00337114bef25fc3ac363a5cb5.exe

Awimba LLC

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer_transaction_id=102d00337114bef25fc3ac363a5cb5.exe by Awimba has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. With this installer, users are expecting to download the free Adobe Flash Player but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Awimba LLC  (signed and verified)

MD5:
57ab3c28e7065dcd31f8cede5a44a378

SHA-1:
24853d6fe650068e8315eafdb6927c154212d513

SHA-256:
ca7ee71b611ddbd6f195f6abdda7320fab6be3dfd97c336edfdba07a176d104c

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/20/2024 6:09:39 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.586144
786

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.117.166

avast!
NSIS:DomaIQ-B [PUP]
2014.9-141211

AVG
MalSign.Skodna
2015.0.3264

Bitdefender
Adware.Generic.586144
1.0.20.1725

Bkav FE
W32.Clod5f7.Trojan
1.3.0.4562

Dr.Web
Adware.W3i.29
9.0.1.0345

Emsisoft Anti-Malware
Adware.Generic.586144
8.14.12.11.04

ESET NOD32
Win32/DomaIQ
8.9127

Fortinet FortiGate
Adware/DomaIQ.DT
12/11/2014

F-Secure
Adware.Generic.586144
11.2014-11-12_5

G Data
Adware.Generic.586144
14.12.22

McAfee
Artemis!EACAED58FD9D
5600.6920

MicroWorld eScan
Adware.Generic.586144
15.0.0.1035

Reason Heuristics
PUP.Awimba.z
14.12.11.4

Sophos
Generic PUA EG
4.95

SUPERAntiSpyware
PUP.BundleInstaller
10185

Trend Micro House Call
TROJ_GEN.R0CBH07JO13
7.2.345

VIPRE Antivirus
DomaIQ
23984

File size:
231.2 KB (236,792 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer_transaction_id=102d00337114bef25fc3ac363a5cb5.exe

Digital Signature
Signed by:
Awimba LLC

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2012 11:12:06 AM

Valid to:
12/18/2013 11:12:06 AM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0423F035F20DC9

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:GQIURTXJc45/CnUfsK2zcmGoaMJELGpm14deV+NEgBaijJtrqKTsOmRSyXKp:Gs6FUfstc9FLGpm14dM+uOjJtrHKV

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8497

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flashplayer_transaction_id=102d00337114bef25fc3ac363a5cb5.exe has been seen being distributed by the following 2 URLs.

http://dls.nicdls.com/p/84/FlashPlayer/202/.../transaction_id=102356ecfba8917c00c696fb3b77f0

http://dls.nicdls.com/p/84/FlashPlayer/202/.../transaction_id=102149620910b060b8184a2cf2ee05

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.