flashplayer_v.7125540c.exe

Awimba LLC

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application flashplayer_v.7125540c.exe by Awimba has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software onto the user's computer without adequate consent. The installer is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, including adware, PUPs and browser toolbars.
Publisher:
Awimba LLC (signed and verified)

MD5:
3d4d2397bbd699c81efc8dc8c785065b

SHA-1:
398f60dc5036070971ea816a9e22bcba23c75231

SHA-256:
ddc75d1d6d149dda662ef7dd645dfc50ab465b3c0cd9548da2fa83c5eab2339c

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 10:11:04 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Amonetize.11 | 896
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | Win-AppCare/DomaIQ.K.423616 | 2014.08.18
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.167.196
avast! | NSIS:DomaIQ-B [PUP] | 2014.9-140822
AVG | AdInstaller.DomaIQ | 2015.0.3374
Bitdefender | Gen:Variant.Application.Bundler.Amonetize.11 | 1.0.20.1170
Bkav FE | W32.Cloda3b.Trojan | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 19227
Dr.Web | Adware.W3i.29 | 9.0.1.0234
ESET NOD32 | Win32/DomaIQ | 8.10271
Fortinet FortiGate | Adware/DomaIQ.DT | 8/22/2014
F-Secure | Gen:Variant.Application.Bundler | 11.2014-22-08_6
G Data | Gen:Variant.Application.Bundler.Amonetize.11 | 14.8.24
IKARUS anti.virus | Win32.DomaIQ | t3scan.1.7.5.0
Kaspersky | not-a-virus:AdWare.Win32.DomaIQ | 14.0.0.3366
Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.08.22.09
McAfee | Artemis!3D4D2397BBD6 | 5600.7030
MicroWorld eScan | Gen:Variant.Application.Bundler.Amonetize.11 | 15.0.0.702
NANO AntiVirus | Trojan.Win32.Downware.boptmf | 0.28.2.61519
Qihoo 360 Security | Win32/Trojan.0bc | 1.0.0.1015
Quick Heal | AdWare.DomaIQ.r3 (Not a Virus) | 8.14.14.00
Reason Heuristics | PUP.Awimba.V | 14.8.22.21
Sophos | Generic PUA PB | 4.98
Trend Micro House Call | TROJ_SPNR.0BD214 | 7.2.234
Trend Micro | TROJ_SPNR.0BD214 | 10.465.22
Vba32 AntiVirus | AdWare.DomaIQ | 3.12.26.3
VIPRE Antivirus | DomaIQ | 32312

File size:
413.7 KB (423,616 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\flashplayer_v.7125540c.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2012 9:12:06 AM

Valid to:
12/18/2013 9:12:06 AM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0423F035F20DC9

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Ke34PFvyuUoUW8sQKJH2GqooBANmHRXIfkXid29mDoLGjnLpq0rKU/T+Ru782o3G:WFvesTo7THlHXiHDoKrM0Ok+Ruox

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9351

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file flashplayer_v.7125540c.exe has been seen being distributed by the following 3 URLs.

Remove flashplayer_v.7125540c.exe - Powered by Reason Core Security