virusshare_62a59f458d936778fb46f5e236b5c020

Clovermedia SLU

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file virusshare_62a59f458d936778fb46f5e236b5c020 by Clovermedia SLU has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer.
Publisher:
Clovermedia SLU  (signed and verified)

MD5:
62a59f458d936778fb46f5e236b5c020

SHA-1:
b902f34ef8326deb75b58bc5ef804ada45a2ff50

SHA-256:
e8ba556d9dc92edf1e5c3eb6c77eba42b49aeaf4458de1615542d3224d93949b

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 12:57:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.374465 | 463 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.149.242 |
| avast! | Win32:DomaIQ-CC [PUP] | 2014.9-151030 |
| AVG | DomaIQ | 2016.0.2941 |
| Bitdefender | Gen:Variant.Adware.Kazy.374465 | 1.0.20.1515 |
| Comodo Security | UnclassifiedMalware | 18280 |
| Dr.Web | Trojan.DownLoader11.5325 | 9.0.1.0303 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374465 | 8.15.10.30.08 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 9.9806 |
| Fortinet FortiGate | Adware/MSIL_DomaIQ | 10/30/2015 |
| F-Secure | Gen:Variant.Adware.Kazy.374465 | 11.2015-30-10_6 |
| G Data | Gen:Variant.Adware.Kazy.374465 | 15.10.24 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12095 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.1198 |
| Malwarebytes | PUP.Optional.DomaIQ | v2015.10.30.08 |
| McAfee | PUP-FJS!62A59F458D93 | 5600.6597 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.374465 | 16.0.0.909 |
| Panda Antivirus | Trj/Genetic.gen | 15.10.30.08 |
| Reason Heuristics | PUP.Tuguu.ClovermediaU.Bundler (M) | 15.10.30.8 |
| Rising Antivirus | PE:Malware.Lollipop!6.1932 | 23.00.65.151028 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0514 | 7.2.303 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29252 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.253 | 2.0.0.1789 |

File size:
488.5 KB (500,232 bytes)

Bundler/Installer:
TUGUU DomaIQ Setup

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/14/2014 1:00:00 AM

Valid to:
2/15/2015 12:59:59 AM

Subject:
CN=Clovermedia SLU, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Clovermedia SLU, L=Adeje, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0524A867F334951775CD16FBB2ED7E9B

File PE Metadata
Compilation timestamp:
5/1/2014 10:36:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:MeJpjUTGEsiklJWS4gOqN7YoNKJLf2vTMX4wC93n:TpK0RmxfyTMXbC5

Entry address:
0x447B

Entry point:
E8, 7D, 2D, 00, 00, E9, 39, FE, FF, FF, E9, A0, 18, 00, 00, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, C3, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, DA, 24, 00, 00, 6A, 01, 6A, 00, E8, 4C, 36, 00, 00, 83, C4, 0C, E9, 63, 36, 00, 00, 55, 8B, EC, 56, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, FF, 75, 08, 8B, F0, FF, 15, 7C, D0, 41, 00, A3, 68, F6, 42, 00, 8B, C6, 5E, 5D, C3, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 6F, 39, 00, 00, 59, 85, C0, 74, 0F...

Code size:
112 KB (114,688 bytes)
