google-earth.exe

Lunacom Interactive Ltd

This is part of Tuguu DomaIQ, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application google-earth.exe by Lunacom Interactive has been detected as adware by 21 anti-malware scanners. The file has been seen being downloaded from dlp.nicdls.com.
Publisher:
Lunacom Interactive Ltd  (signed and verified)

MD5:
977c6c4933046c79ee7fcc82896394aa

SHA-1:
630d0348dace0fa9e484c8a2bb65d11f6741dcff

SHA-256:
fa3e0237a8c0600c4f539b1768de147c20aea395613bef8dabcf75903740edee

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
4/26/2024 11:55:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.139070 | 1021 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.143.56 |
| avast! | Win32:DomaIQ-T [PUP] | 2014.9-140420 |
| AVG | DomaIQ | 2015.0.3505 |
| Bitdefender | Gen:Variant.Adware.Graftor.139070 | 1.0.20.550 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18100 |
| Dr.Web | Adware.Downware.2630 | 9.0.1.0103 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.139070 | 8.14.04.20.11 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9672 |
| F-Secure | Gen:Variant.Adware.Graftor.139070 | 11.2014-20-04_1 |
| G Data | Gen:Variant.Adware.Graftor.139070 | 14.4.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11737 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.4021 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.04.13.08 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.139070 | 15.0.0.330 |
| Norman | DomaIQ.CERT | 11.20140413 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.04.13.08 |
| Reason Heuristics | PUP.LunacomInteractive.M | 14.4.13.17 |
| Sophos | DomainIQ pay-per install | 4.98 |
| VIPRE Antivirus | DomaIQ | 28214 |

File size:
620.4 KB (635,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\google-earth.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/5/2013 8:00:00 PM

Valid to:
12/5/2014 6:59:59 PM

Subject:
CN=Lunacom Interactive Ltd, OU="Raul Valenberg 6, ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lunacom Interactive Ltd, L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15E496383F5A0396A7AD86D85850D5BB

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:mDL7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJwhYy:ISnD8rAe0CjGA9fWXkclV1lJE

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 

Entropy:
5.9316

Code size:
111 KB (113,664 bytes)

The file google-earth.exe has been seen being distributed by the following URL.
