google-chrome.exe

tuguu sl

The application google-chrome.exe by tuguu sl has been detected as adware by 21 anti-malware scanners. This is a setup program which is used to install the application. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from ttb.lpdownclsva001.com.
Publisher:
tuguu sl  (signed and verified)

MD5:
801956ed02dbcac800b8405e7b7ba3c1

SHA-1:
cf01acbb82dd5edc1ea950c5b8609ea2a6f715ff

SHA-256:
6d80a97c56a8f9957fa056a7d2a95ca05188d7c406eef6fce0338cee6f42a69d

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/30/2014 9:19:42 AM UTC  (two months ago)

Scan engine           Detection                         Engine version
Avira AntiVir         APPL/DomaIQ.AV                    7.11.125.192
Antiy Labs AVL        AdWare/MSIL.DomaIQ                2.0.3.7
avast!                Win32:PUP-gen [PUP]               2014.9-140126
AVG                   Skodna.Generic_r                  2015.0.3582
Commtouch SDK         W32/Backdoor.ZZRW-1179            5.4.1.7
Comodo Security       Application.Win32.DomaIQ.D        17640
Dr.Web                Trojan.PayInt.27                  9.0.1.026
ESET NOD32            Win32/DomaIQ.AV (variant)         8.9310
F-Prot                W32/Backdoor2.HTIW                v6.4.7.1.166
herdProtect (fuzzy)                                     2014.1.26.19
Jiangmin              AdWare/DomaIQ.if                  KV140126
Kaspersky             not-a-virus:AdWare.Win32.DomaIQ   14.0.0.4406
Malwarebytes          PUP.Optional.BundleInstaller.A    v2014.01.26.06
McAfee                RDN/Generic.bfr!fq                5600.7238
McAfee Web Gateway    RDN/Generic.bfr!fq                7.7238
NANO AntiVirus        Riskware.Win32.DomaIQ.csmcgi      0.28.0.57029
Reason Heuristics     PUP.tuguusl.N                     14.4.30.5
Rising Antivirus      PE:PUF.DomaIQ!1.9DE0              23.00.65.14124
Sophos                DomainIQ pay-per install          4.96
Vba32 AntiVirus       BScope.Downware.DomaIQ            3.12.24.3
VIPRE Antivirus       Win32.Malware!Drop                25584

File size:
448.4 KB (459,168 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\user\downloads\google-chrome.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 4:06:55 PM

Valid to:
6/13/2014 4:06:55 PM

Subject:
CN=tuguu sl, O=tuguu sl, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B632A0CF95E4D

File PE Metadata
Compilation timestamp:
1/9/2014 5:46:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:8OeTIfnjAEkxJPNeaL9uRqQb3fgnFwFGLgJ2k0SyCKF1pYax6uYj+LJYX:zAEOJPNeapQrgjLgJoSyCuDYax6hjp

Entry address:
0xCCE2

Entry point:
E8, 94, 5E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 88, 22, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, 88, 42, 00, 77, 22, 6A, 04, E8, 7F, 60, 00, 00, 59, 83, 65, FC, 00, 56, E8, 86, 68, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, 7A, 5F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, D0, 41, 00, 83, 3D, 1C, 85, 42, 00, 00, 75, 18, E8, 3A, 57, 00...

Code size:
110.5 KB (113,152 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

The following files closely match google-chrome.exe based on fuzzy CTPH (ssdeep) similarity.

Detections  Status  File                              SHA-1
21 / 68     Adware  setup.exe [99% match]             fba758ef9c5e0c84bd18467d31537bc9fe32b7bf
27 / 68     Adware  google-earth.exe                  5932c3956ff161822e86614f03c1bba03c559629
2 / 68      Adware  v.exe                             c885a8c998dc91c80e8789161c59b6c0f6d58e76
1 / 68      Adware  setup.exe                         41046612a4ea9037c62150aa2890124fcefa06f5
1 / 68      Adware  installer.exe                     1bc8b481cbade1116598f329c83e003af1025850
9 / 68      Adware  browser_update.exe                4c38cc35b8d50d9aaf17f4e15c4105245a7ee166
1 / 68      Adware  vso-convertxtodvd.exe             fc01d899fb966811bcdf8068d5a1ec59819925cd
1 / 68      Adware  player_setup.exe                  508efa61de1d278b1f4d3af54f41417c85b5de72
1 / 68      Adware  java-runtime-environment-jre.exe  f40234049722ec29b8b04c0a3cbb9d0eb3e958b2
5 / 68      Adware  flashplayer.exe                   d82eb58fff6fdc5803068ef44e1b841bb41c31f1
1 / 68      Adware  allmyvideos.exe                   5f1b9b603621792700608256c45dddbc6b2eaeb5
8 / 68      Adware  DomaIQ10.exe                      7d508e9a087885d7aa26985b349f7663cb2af517
1 / 68      Adware  windows-live-messenger.exe        15aa81f8cf5111cafee55469f578502129137249
1 / 68      Adware  driver-detective-6-6-fr.exe       270f8f7dc7aa09592dfecbdc13f2965324c95645
1 / 68      Adware  player_plugin.exe                 b6b315b8d465d8332d6abc3f79488e3561239809
22 / 68     Adware  nero 8.1.0.exe                    3f8a93d530951711e4636db5900b6c6c9de57a39
1 / 68      Adware  player setup.exe                  54070f2b8d16efec4ab139f1e67d27d711d5aad1

Detection Incidence by Country