home

google-chrome.exe

Payments Interactive S.L.

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google-chrome.exe by Payments Interactive S.L has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.lpcloudsvr203.com.
Publisher:
Payments Interactive S.L.  (signed and verified)

MD5:
7c935acaa35e99787b6270bd6e67f92e

SHA-1:
752e52e265f1b16d2ae435849c3cec8b9b8d5f3e

SHA-256:
322310f4f1c80b509e614bba6b26067f4e895526232d5cab4cd24699fbbd2a02

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/26/2024 4:18:32 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Agent.BEFC
917

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.08.02

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.164.242

avast!
Win32:DomaIQ-BT [PUP]
140617-1

AVG
Trojan horse Downloader.Generic13.CLYK.dropper
2014.0.3986

Bitdefender
Trojan.Agent.BEFC
1.0.20.1065

Comodo Security
Application.Win32.DomaIQ.KAO
19049

Dr.Web
Trojan.SMSSend.4979
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Agent.BEFC
8.14.08.01.08

ESET NOD32
Win32/DomaIQ.BB potentially unwanted application
7.0.302.0

F-Secure
Trojan.Agent.BEFC
11.2014-01-08_6

G Data
Trojan.Agent.BEFC
14.8.24

K7 AntiVirus
Unwanted-Program
13.182.12926

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.DomaIQ
14.0.0.3471

Malwarebytes
PUP.Optional.Dropper.BL
v2014.08.01.08

McAfee
RDN/Generic.bfr!et
5600.7051

Microsoft Security Essentials
Threat.Undefined
1.179.1743.0

MicroWorld eScan
Trojan.Agent.BEFC
15.0.0.639

nProtect
Trojan.Agent.BEFC
14.08.01.01

Reason Heuristics
PUP.PaymentsInteractiveSL.N
14.8.1.19

Sophos
DomainIQ pay-per install
4.98

Total Defense
Win32/Tnega.RGMUTLD
37.0.11094

Vba32 AntiVirus
AdWare.Lollipop
3.12.26.3

VIPRE Antivirus
Threat.4150696
31208

File size:
226.6 KB (232,024 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Signed by:
Payments Interactive S.L.

Authority:
GlobalSign nv-sa

Valid from:
2/10/2014 5:19:40 AM

Valid to:
2/11/2015 5:19:40 AM

Subject:
E=victor.camacho@paymentsint.com, CN=Payments Interactive S.L., O=Payments Interactive S.L., L=Puntagorda, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112101CC52CD8725B37EE06251B5DC695BD9

File PE Metadata
Compilation timestamp:
7/23/2014 5:35:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:A4lwZ40243s0gJvyTZaPYZeHF/tIzi+Tk98i9goc8VRt:Hn0d8PJvyQYZelVIziveo/Rt

Entry address:
0x3B7E

Entry point:
B8, 4C, 95, 48, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 38, 5A, A3, F1, 38, 63, A6, D0, 1B, BA, C0, C2, C2, 59, 48, 58, AE, 91, 37, 95, B9, A8, F0, 47, 54, CB, D0, 37, 5A, 7A, FF, 1C, 9D, 0C, F6, 2B, D9, 86, B8, D2, 2E, B5, 2A, 2A, A6, 33, B6, 0F, 2A, 5E, 4F, 5A, 18, D7, 55, 78, AF, 3D, 30, 0C, 34, 9B, 8F, EF, 7E, 28, AE, B0, F2, BA, AD, 82, A7, 47, E2, E6, A0, C1, 66, DB, 40, B3, 76, 39, 65, E6, 4E, A5, 12, 73, F7, 31, B3...
 
[+]

Entropy:
7.9804

Packer / compiler:
PECompact v2

Code size:
112.5 KB (115,200 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

http://www.lpcloudsvr203.com/.../Google-Chrome.exe

Remove google-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.