java.exe

Lunacom Interactive Ltd

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application java.exe by Lunacom Interactive has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it also places potentially unwanted software on the user's computer without adequate consent. Users of this installer expect to download the free Oracle Java Runtime, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.

Publisher:
Lunacom Interactive Ltd  (signed and verified)

MD5:
fa3d3f1c66bd907132b8a22be6900cba

SHA-1:
088e2100da907dbfb6e8cb38e3b5bc94d79ba782

SHA-256:
7c9f69698a8a027b8274a3f6670095b63b912d1a5ac04ba67f908bce4072bf17

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 7:09:57 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Application.Bundler.DomaIQ.Q | 6473648 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2015.01.29 |
| Avira AntiVirus | APPL/DomaIQ.Gen2 | 7.11.205.178 |
| avast! | Win32:DomaIQ-CM [PUP] | 150126-0 |
| AVG | Adware Skodna.Generic_r.IA | 2014.0.4257 |
| Bitdefender | Dropped:Application.Bundler.DomaIQ.Q | 1.0.20.140 |
| Clam AntiVirus | Win.Trojan.Domaiq-35 | 0.98/21511 |
| Comodo Security | Application.Win32.DomaIQ.D | 20877 |
| Dr.Web | Trojan.PayInt.14 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Application.Bundler.DomaIQ.Q | 9.0.0.4799 |
| ESET NOD32 | Win32/DomaIQ.AU potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/DomaIQ | 1/28/2015 |
| F-Prot | W32/DomaIQ.B.gen | v6.4.7.1.166 |
| F-Secure | Adware:W32/DomaIQ | 5.13.68 |
| G Data | Dropped:Application.Bundler.DomaIQ | 15.1.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14786 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2572 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.01.28.01 |
| McAfee | CryptDomaIQ | 5600.6871 |
| MicroWorld eScan | Dropped:Application.Bundler.DomaIQ.Q | 16.0.0.84 |
| NANO AntiVirus | Trojan.Win32.PayInt.csfiac | 0.30.0.65070 |
| Norman | Dropped:Application.Bundler.DomaIQ.Q | 03.12.2014 13:20:04 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.01.28.01 |
| Quick Heal | Adware.Domal.A5 | 1.15.14.00 |
| Reason Heuristics | PUP.LunacomInteractive | 15.1.28.13 |
| Rising Antivirus | PE:PUF.DomaIQ!1.9EEB | 23.00.65.15126 |
| Sophos | PUA 'DomainIQ pay-per install' | 5.10 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783235 | 36694 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.92 | 2.0.0.2048 |

File size:
469.4 KB (480,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/5/2013 5:00:00 PM

Valid to:
12/5/2014 3:59:59 PM

Subject:
CN=Lunacom Interactive Ltd, OU="Raul Valenberg 6, ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lunacom Interactive Ltd, L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15E496383F5A0396A7AD86D85850D5BB

File PE Metadata
Compilation timestamp:
12/30/2013 6:05:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:tgX4H5EecNFTzZoi5aolh5q9Y24Y5d9OE3xPA6yxsQ9hwNGPWNIyseoO3zSAYPu:ZcN1zZoiMoK4Y5d9V3JnpshkWu

Entry address:
0xD162

Entry point:
E8, C5, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 18, 43, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, B0, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, B7, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, AB, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 6A, 5C, 00...
 

Entropy:
7.4366

Code size:
119.5 KB (122,368 bytes)
