google-chrome.exe

Payments Interactive S.L.

This file is part of Tuguu DomaIQ, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application google-chrome.exe by Payments Interactive S.L. has been detected as adware by 10 anti-malware scanners. The file has been seen being downloaded from www.lpcloudsvr203.com.
Publisher:
Payments Interactive S.L. (signed and verified)

MD5:
1b801ecc8b5851a1c1e90c5fc66de169

SHA-1:
84148cb1c176f79d9de33aaa6f5c44e9e843dbd7

SHA-256:
8a5d68075bd83cd88df12156109422d2e90e200841eff35e1e9a7d40bba334ac

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/26/2024 9:36:32 PM UTC

Scan engine         Detection                             Engine version
Avira AntiVirus     APPL/DomaIQ.Gen                       7.11.142.34
AVG                 DomaIQ_r.J                            2015.0.3510
Comodo Security     Application.Win32.DomaIQ.PUP          18073
ESET NOD32          MSIL/DomaIQ (variant)                 8.9653
Kaspersky           not-a-virus:AdWare.Win32.Lollipop     14.0.0.4044
Malwarebytes        PUP.Optional.DomaIQ                   v2014.04.09.03
Panda Antivirus     Trj/Genetic.gen                       14.04.09.03
Reason Heuristics   PUP.PaymentsInteractiveSL.N           14.4.9.2
Sophos              DomainIQ pay-per install              4.98
VIPRE Antivirus     DomaIQ                                28154

File size:
596.1 KB (610,360 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/10/2014 2:19:40 AM

Valid to:
2/11/2015 2:19:40 AM

Subject:
E=victor.camacho@paymentsint.com, CN=Payments Interactive S.L., O=Payments Interactive S.L., L=Puntagorda, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112101CC52CD8725B37EE06251B5DC695BD9

File PE Metadata
Compilation timestamp:
4/7/2014 1:33:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ODxoLQLROU9VU+Fm5Vl/byM8aQg0UrOjmpit1wKX0eCuZjJSFOqcYj:gxoOROUaV0Uqjm4lXpJZjJiOqL

Entry address:
0x2C42

Entry point:
E8, 1E, 2E, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 48, 02, 42, 00, E8, 04, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, D8, 6F, 42, 00, 03, 75, 43, 6A, 04, E8, 20, 30, 00, 00, 59, 83, 65, FC, 00, 56, E8, 43, 31, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 64, 31, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F4, 2E, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 4C, 6A, 42, 00, FF, 15, 64, D0, 41, 00, 85, C0, 75, 16, E8, DB, 0A, 00...

Entropy:
5.9319

Code size:
109.5 KB (112,128 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

Remove google-chrome.exe - Powered by Reason Core Security