player.exe

Awimba LLC

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Awimba has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software onto the user's computer at the same time, without adequate consent. The file has been seen being downloaded from ttb.lpcloudsvr090.com.
Publisher:
Awimba LLC  (signed and verified)

MD5:
c8864ded0c4d27c62741c0502c47e148

SHA-1:
4865654fae56a747414fdf98deedf8e95a718206

SHA-256:
8e76c717f80319ed7be2b21d69569f865ff1218463723ccc013279841548d601

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 10:05:51 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Application.Bundler.DomaIQ.Q | 693
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2015.03.14
Avira AntiVirus | PUA/DomaIQ.Gen | 7.11.217.16
avast! | PUP-gen [PUP] | 2014.9-150313
AVG | Adware Skodna.Generic_r.IA | 2014.0.4253
Bitdefender | Dropped:Application.Bundler.DomaIQ.Q | 1.0.20.360
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Domaiq-171 | 0.98/19859
Comodo Security | Application.Win32.DomaIQ.STX | 21400
Dr.Web | Trojan.PayInt.27 | 9.0.1.072
Emsisoft Anti-Malware | Dropped:Application.Bundler.DomaIQ.Q | 8.15.03.13.06
ESET NOD32 | Win32/DomaIQ.AV potentially unwanted application | 9.7.0.302.0
Fortinet FortiGate | Adware/DomaIQ | 3/13/2015
F-Prot | W32/Backdoor2.HTIW | v6.4.6.5.141
F-Secure | Spyware: Adware:W32/DomaIQ | 11.2015-13-03_6
G Data | Dropped:Application.Bundler.DomaIQ | 15.3.25
herdProtect (fuzzy) | | 2015.6.20.2
IKARUS anti.virus | not-a-virus:AdWare.MSIL.DomaIQ | t3scan.1.8.6.0
K7 AntiVirus | Riskware | 13.200.15259
Kaspersky | not-a-virus:AdWare.Win32.DomaIQ | 14.0.0.2351
Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.03.13.06
McAfee | Program.Adware-DomaIQ | 5600.6827
MicroWorld eScan | Dropped:Application.Bundler.DomaIQ.Q | 16.0.0.216
NANO AntiVirus | Riskware.Win32.DomaIQ.csmcgi | 0.30.0.296
Norman | Dropped:Application.Bundler.DomaIQ.Q | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.DomaIQ.459848 | 15.03.13.01
Quick Heal | Adware.Domal.A5 | 3.15.14.00
Reason Heuristics | PUP.Bundler.Awimba | 15.3.13.18
Sophos | PUA 'DomainIQ pay-per install' | 5.11
Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3
VIPRE Antivirus | Threat.4783262 | 35418

File size:
449.1 KB (459,848 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/9/2013 9:00:00 PM

Valid to:
5/15/2014 9:00:00 AM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09A928EF40E9E87418147E2639362A6E

File PE Metadata
Compilation timestamp:
1/9/2014 12:46:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:mOeTIfnjAEkxJPNeaL9uRqQb3fgnFwFGLgJ2k0SyCKF1pYax6uYj+LHzYz:FAEOJPNeapQrgjLgJoSyCuDYax6hjT

Entry address:
0xCCE2

Entry point:
E8, 94, 5E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 88, 22, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, 88, 42, 00, 77, 22, 6A, 04, E8, 7F, 60, 00, 00, 59, 83, 65, FC, 00, 56, E8, 86, 68, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, 7A, 5F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, D0, 41, 00, 83, 3D, 1C, 85, 42, 00, 00, 75, 18, E8, 3A, 57, 00...

Entropy:
7.3919

Code size:
110.5 KB (113,152 bytes)

The file player.exe has been seen being distributed by the following URL.

Remove player.exe - Powered by Reason Core Security