parent.txt

Lunacom Interactive Ltd

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file parent.txt by Lunacom Interactive has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer, and it is typically executed from the user's temporary directory.
Publisher:
Lunacom Interactive Ltd  (signed and verified)

MD5:
ace5c53a872fcc57c157945523323175

SHA-1:
82f2b2e33e1a6395698705fe18f7b627cda099fd

SHA-256:
f8b066d1cf8dbfd73ec30ca816befa19b25fed5cc53a060e311155c88f6ec453

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 5:35:06 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | Win-PUP/DomaIQ.Gen | 2015.05.23
Avira AntiVirus | PUA/DomaIQ.Gen7 | 8.3.1.6
avast! | DomaIQ-AL [PUP] | 150521-0
AVG | Adware DomaIQ.FZ | 2014.0.4311
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Domaiq-206 | 0.98/21511
Comodo Security | Application.Win32.DomaIQ.KR | 22221
Dr.Web | Trojan.Packed.24553 | 9.0.1.05190
ESET NOD32 | MSIL/DomaIQ.B potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/DomaIQ | 5/23/2015
G Data | NSIS.Adware.DomaIQ | 15.5.25
K7 AntiVirus | Unwanted-Program | 13.204.16007
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.543
Malwarebytes | PUP.Optional.DomaIQ | v2015.05.23.10
McAfee | Trojan.Artemis!ACE5C53A872F | 17.6.569.0
NANO AntiVirus | Riskware.Win32.DomaIQ.csooww | 0.30.24.1636
Norman | DomaIQ.CERT | 11.20150523
nProtect | Trojan-Clicker/W32.Lollipop.321576 | 15.05.22.01
Panda Antivirus | PUP/MultiToolbar.A | 15.05.23.10
Qihoo 360 Security | Win32/Virus.1ab | 1.0.0.1015
Quick Heal | Adware.DomaIQ.BA5 | 5.15.14.00
Reason Heuristics | PUP.Installer.LunacomInteractive | 15.5.23.6
Sophos | PUA 'DomainIQ pay-per install' | 5.14
SUPERAntiSpyware | PUP.DomaIQ/Variant | 9858
Trend Micro House Call | TROJ_GE.C9A277BF | 7.2.143
Trend Micro | TROJ_GE.C9A277BF | 10.465.23
Vba32 AntiVirus | AdWare.MSIL.DomaIQ | 3.12.26.4
VIPRE Antivirus | Threat.4783262 | 40432
Zillya! Antivirus | Adware.DomaIQ.Win32.144 | 2.0.0.2187

File size:
314 KB (321,576 bytes)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\861f655bacee44cfbd5d6917b591ad48\parent.txt

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/6/2013 2:00:00 AM

Valid to:
12/6/2014 12:59:59 AM

Subject:
CN=Lunacom Interactive Ltd, OU="Raul Valenberg 6, ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lunacom Interactive Ltd, L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15E496383F5A0396A7AD86D85850D5BB

File PE Metadata
Compilation timestamp:
7/14/2013 10:09:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:Q+K03BrcBT4b4vKAL0jukeBS2DNjnRO6YlNobdlmokiVDPOxS:x3BY4WvLaulB5DFnG/obm0ZgS

Entry address:
0x30DC

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 78, 3F, 42, 00, E8, 73, 2D, 00, 00, A3, C4, 3E, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 80, F4, 41, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, 36, 42, 00, E8, 1D, 2A, 00, 00, FF, 15, 1C, 71, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 0B, 2A...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
