java.exe

Clovermedia SL

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application java.exe by Clovermedia SL has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. With this installer, users expect to download the free Oracle Java Runtime, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Clovermedia SL (signed and verified)

MD5:
b06b1a6d4bb94c73fbadd9460fbc9bee

SHA-1:
6e76b1d32a01dc3f80d847c360dc0e63757e7335

SHA-256:
dd63f10469547d55ebfc006d2ab2957803c78233f8b1b323c9a1236c5348c2f1

Scanner detections:
3 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 10:23:11 AM UTC

Scan engine / Detection / Engine version:
Avira AntiVirus: APPL/DomaIQ.Gen (engine version 7.11.148.114)
McAfee: PUP-FJP!3CBBD273B6B8 (engine version 5600.7136)
Reason Heuristics: PUP.ClovermediaSL.E (engine version 14.5.8.15)

File size:
937.4 KB (959,856 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
2/13/2014 9:22:48 AM

Valid to:
2/13/2015 9:22:48 AM

Subject:
CN=Clovermedia SL, O=Clovermedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
281161B1143F2B

File PE Metadata
Compilation timestamp:
5/8/2014 8:59:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:uiFWnuZ31udF/r4RBcABTVAoCwX1uGzyz/ncMIw:OKcS/TVAoCmMG2zflIw

Entry address:
0x5403

Entry point:
E8, C0, 61, 00, 00, E9, 39, FE, FF, FF, E9, 51, 28, 00, 00, 3B, 0D, 60, D2, 45, 00, 75, 02, F3, C3, E9, A1, 65, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 36, 46, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, E0, D7, 45, 00, 01, 0F, 82, DA...

Code size:
298 KB (305,152 bytes)

The file java.exe has been seen being distributed by the following URL.

Remove java.exe - Powered by Reason Core Security