player.exe

Awimba LLC

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Awimba has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.lpcloudsvr0100.com.
Publisher:
Awimba LLC  (signed and verified)

MD5:
319fc1a35bae6fcc5fc4f3371274a911

SHA-1:
e4f942c5838a28ace5933db3b6425b95a2e750e0

SHA-256:
bc83f9a74eb128c45b8c04e8a5430b66dc53d5d876e54302142730c6e10e1c17

Scanner detections:
26 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 5:15:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.5 | 993 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 14.05.17 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.150.60 |
| avast! | DomaIQ-CC [PUP] | 140516-1 |
| AVG | Adware DomaIQ_r.B | 2014.0.3950 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.3 | 1.0.20.685 |
| Comodo Security | Application.Win32.DomaIQ.PUS | 18286 |
| Dr.Web | Trojan.DownLoader9.24937 | 9.0.1.0137 |
| ESET NOD32 | Win32/DomaIQ.BA (variant) | 8.9814 |
| F-Prot | W32/DomaIQ.D3.gen | v6.4.7.1.166 |
| F-Secure | Adware:W32/DomaIQ | 11.2014-17-05_7 |
| G Data | Gen:Variant.Application.Bundler.DomaIQ | 14.5.24 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12109 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3852 |
| Malwarebytes | PUP.Optional.DomalQ | v2014.05.17.04 |
| McAfee | Artemis!BBD8C26960EF | 5600.7127 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.3 | 15.0.0.411 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.ctlemv | 0.28.0.59911 |
| Panda Antivirus | Suspicious file | 14.05.17.04 |
| Reason Heuristics | PUP.Awimba.G | 14.8.7.18 |
| Sophos | Generic PUA GE | 4.98 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.0 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29314 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.127 | 2.0.0.1791 |

File size:
322.6 KB (330,360 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/9/2013 8:00:00 PM

Valid to:
5/15/2014 8:00:00 AM

Subject:
CN=Awimba LLC, O=Awimba LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
09A928EF40E9E87418147E2639362A6E

File PE Metadata
Compilation timestamp:
2/14/2014 8:48:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ZcF8HV21DF6BFDTEkBL7CPpkp3dAT9Czeceb8bahYx:CqHV2sEcXwkp+9Cn

Entry address:
0x1749

Entry point:
E8, F1, 17, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0, C1, 40, 00, 89, 0D, BC, C1, 40, 00, 89, 15, B8, C1, 40, 00, 89, 1D, B4, C1, 40, 00, 89, 35, B0, C1, 40, 00, 89, 3D, AC, C1, 40, 00, 66, 8C, 15, D8, C1, 40, 00, 66, 8C, 0D, CC, C1, 40, 00, 66, 8C, 1D, A8, C1, 40, 00, 66, 8C, 05, A4, C1, 40, 00, 66, 8C, 25, A0, C1, 40, 00, 66, 8C, 2D, 9C, C1, 40, 00, 9C, 8F, 05, D0, C1, 40, 00, 8B, 45, 00, A3, C4, C1, 40, 00, 8B, 45, 04, A3, C8, C1, 40, 00, 8D, 45, 08, A3, D4, C1, 40...
 

Entropy:
6.2830

Code size:
24.5 KB (25,088 bytes)

The file player.exe has been seen being distributed by the following URL.
