home

google-chrome.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google-chrome.exe by Payments Interactive SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
b4298ff329fdf55cec502c8234e3c423

SHA-1:
a9235c9335ab1db61f97cb874dee82942e9af776

SHA-256:
1fbcc2db98c3bf022eb44c777bd96c2ab96ae3e977fd8d8a42f3fd0e6361f423

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 5:41:41 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139070
1021

Agnitum Outpost
PUA.DomaIQ
7.1.1

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.142.186

avast!
Win32:Installer-AH [PUP]
2014.9-140411

AVG
MalSign.Generic
2015.0.3508

Bitdefender
Gen:Variant.Adware.Graftor.139070
1.0.20.550

Comodo Security
Application.Win32.DomaIQ.PUP
18086

Dr.Web
Adware.Downware.2630
9.0.1.0110

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139070
8.14.04.20.11

ESET NOD32
Win32/DomaIQ.BB (variant)
8.9665

F-Secure
Gen:Variant.Adware.Graftor.139070
11.2014-20-04_1

G Data
Gen:Variant.Adware.Graftor.139070
14.4.24

K7 AntiVirus
Unwanted-Program
13.176.11721

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.3988

Malwarebytes
PUP.Optional.DomaIQ
v2014.04.20.11

MicroWorld eScan
Gen:Variant.Adware.Graftor.139070
15.0.0.330

Panda Antivirus
PUP/MultiToolbar.A
14.04.11.10

Reason Heuristics
PUP.PaymentsInteractiveSL.N
14.8.7.23

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
DomaIQ
28194

File size:
620.4 KB (635,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Signed by:
Payments Interactive SL

Authority:
DigiCert Inc

Valid from:
10/14/2013 8:00:00 PM

Valid to:
12/19/2014 7:00:00 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Puntagorda, S=Santa Cruz de Tenerife / Canarias, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
060CE3456FDDB3F98DA9EDA1B876842F

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m8L7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJw7YAr:vSnD8rAe0CjGA9fWXkclV1lJ8r

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 
[+]

Entropy:
5.9280

Code size:
111 KB (113,664 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

http://dlp.filesonar.com/o/259/google-chrome/291/.../I7SUIBPC

Remove google-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.