google-chrome.exe

Payments Interactive sl

This is the Tuguu DomaIQ download manager, which bundles the application a user asked for with offers for additional third-party software, mostly unwanted adware, and may install those offers with minimal consent. The application google-chrome.exe by Payments Interactive sl has been detected as adware by 28 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. It installs potentially unwanted software on the PC at the same time as the software the user is trying to install, without adequate consent. Users running this installer expect to download Google's Chrome web browser, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware. The file carries a valid Authenticode signature; that signature only attests that Payments Interactive sl signed the binary, not that the bundled offers are wanted, so a "signed and verified" publisher line should not be read as a clean bill of health.
Publisher:
Payments Interactive sl  (signed and verified)

MD5:
f1237271be17716c32d024405242dbf3

SHA-1:
28f653b54016809689d1b29f031ed5941bceb647

SHA-256:
ea057f894804ff23791528e0b6f0ea7904e41965592ec16fd6f09827b8cd745f

Scanner detections:
28 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:35:40 PM UTC

Scan engine                 Detection                                         Engine version
Lavasoft Ad-Aware           Application.Bundler.DomaIQ.Q                      836
AegisLab AV Signature       AdWare.MSIL.DomaIQ                                2.1.4+
Agnitum Outpost             PUA.DomaIQ                                        7.1.1
AhnLab V3 Security          Win-PUP/DomaIQ.Gen                                2014.10.22
Avira AntiVirus             APPL/DomaIQ.Gen                                   7.11.180.60
avast!                      PUP-gen [PUP]                                     141003-0
Bitdefender                 Application.Bundler.DomaIQ.Q                      1.0.20.1470
Dr.Web                      Trojan.Packed.24553                               9.0.1.05190
Emsisoft Anti-Malware       Application.Bundler.DomaIQ.Q                      14.10.21
ESET NOD32                  MSIL/DomaIQ.F potentially unwanted application    7.0.302.0
Fortinet FortiGate          Riskware/PUP_x                                    10/21/2014
F-Secure                    Application.Bundler.DomaIQ                        11.2014-21-10_3
G Data                      Application.Bundler.DomaIQ                        14.10.24
K7 AntiVirus                Unwanted-Program                                  13.184.13741
Kaspersky                   not-a-virus:AdWare.MSIL.DomaIQ                    15.0.0.494
Malwarebytes                PUP.Optional.DomaIQ                               v2014.10.21.04
McAfee                      RDN/Generic PUP.x!bjd                             5600.6970
MicroWorld eScan            Application.Bundler.DomaIQ.Q                      15.0.0.882
NANO AntiVirus              Trojan.Win32.DomaIQ.dcjnvf                        0.28.2.62841
Qihoo 360 Security          Malware.QVM06.Gen                                 1.0.0.1015
Quick Heal                  AdWare.MSIL.r3 (Not a Virus)                      10.14.14.00
Reason Heuristics           PUP.PaymentsInteractivesl.N                       14.10.21.15
Sophos                      Generic PUA GM                                    4.98
SUPERAntiSpyware            PUP.DomaIQ/Variant                                10286
Trend Micro House Call      TROJ_SPNR.0CBG14                                  7.2.294
Trend Micro                 TROJ_SPNR.0CBG14                                  10.465.21
Vba32 AntiVirus             AdWare.MSIL.DomaIQ.bgt                            3.12.26.3
VIPRE Antivirus             Threat.4783262                                    33706

File size:
175.9 KB (180,128 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/9/2012 3:27:23 PM

Valid to:
10/9/2013 10:10:38 AM

Subject:
CN=Payments Interactive sl, O=Payments Interactive sl, L=Puntagorda, S=S.C Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277606F12C2592

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:8oPyys5jXJ6qICi7k+YbyjPWbezBJBDsDm2/gCtU22j68NFZq6035VR2Ol9SUoIh:8zfNi7lYba9zfBg62Ia5abZp0HDrSjIh

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.7189

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
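The hashes, entropy and PE header fields listed above are the things a responder would recompute on a suspect download before trusting a "signed and verified" publisher line. The script below is an added example, not code from the original listing or from Reason Core Security: using only the Python standard library it hashes a file, computes Shannon entropy, parses the PE32 headers for the compile timestamp, linker and OS version, subsystem, code size and entry-point bytes, and looks for the NullsoftInst marker that NSIS writes into its first header. The PAGE_IOCS values are copied from this page; the NSIS marker string and the minimal PE image produced by build_sample_pe() (used so the parser can be exercised offline) are this example's own constructed inputs, not the real sample.

```python
"""Offline triage of a downloaded installer against the indicators in this listing.

Added example, not code from the original page or from Reason Core Security. Standard
library only: hashes the file, computes Shannon entropy, parses the PE32 header fields
shown under "File PE Metadata" and checks for the NSIS first-header marker string.
"""
import datetime
import hashlib
import math
import struct
from collections import Counter

# Indicators copied from the listing above for google-chrome.exe (Payments Interactive sl).
PAGE_IOCS = {
    "md5": "f1237271be17716c32d024405242dbf3",
    "sha1": "28f653b54016809689d1b29f031ed5941bceb647",
    "sha256": "ea057f894804ff23791528e0b6f0ea7904e41965592ec16fd6f09827b8cd745f",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
NSIS_MARKER = b"NullsoftInst"  # string that follows the 0xDEADBEEF magic in the NSIS first header


def digests(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 7.7-8.0 mean a compressed or encrypted payload."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Pull the DOS/COFF/optional-header fields the listing reports from a PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    # Walk the section table to map the entry RVA to a file offset for the first entry bytes.
    entry_off = None
    sec = opt + opt_size
    for i in range(nsec):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, sec + 40 * i)
        if va <= entry_rva < va + max(vsize, raw_size):
            entry_off = entry_rva - va + raw_ptr
            break
    return {
        "compile_time": datetime.datetime.fromtimestamp(ts, datetime.timezone.utc)
        .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16].hex() if entry_off is not None else "",
    }


def triage(data: bytes) -> dict:
    d = digests(data)
    return {
        **d,
        "size": len(data),
        "entropy": round(entropy(data), 4),
        "nsis_marker": NSIS_MARKER in data,
        "ioc_match": any(d[k] == v for k, v in PAGE_IOCS.items()),
        "pe": parse_pe(data),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (not the real sample) so the parser can run offline."""
    e_lfanew = 0x40
    hdr = bytearray(0x200)                                    # headers padded to FileAlignment
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    struct.pack_into("<HHIIIHH", hdr, coff, 0x14C, 1, 1260035435, 0, 0, 0xE0, 0x0102)
    opt = coff + 20
    struct.pack_into("<HBBI", hdr, opt, 0x10B, 6, 0, 0x5C00)  # PE32, linker 6.0, SizeOfCode
    struct.pack_into("<I", hdr, opt + 16, 0x1010)             # AddressOfEntryPoint
    struct.pack_into("<HH", hdr, opt + 40, 4, 0)              # OS version 4.0
    struct.pack_into("<H", hdr, opt + 68, 2)                  # Windows GUI subsystem
    struct.pack_into("<8sIIII", hdr, opt + 0xE0, b".text", 0x200, 0x1000, 0x200, 0x200)
    body = bytearray(0x200)
    body[0x10:0x18] = bytes.fromhex("81ec800100005355")       # first entry bytes from the listing
    body[0x100:0x10C] = NSIS_MARKER
    return bytes(hdr + body)


if __name__ == "__main__":
    for k, v in triage(build_sample_pe()).items():
        print(f"{k:>12}: {v}")
```

Replace build_sample_pe() with open(path, "rb").read() to run it on a real download; a true positive is any hash in PAGE_IOCS matching, and a sample that does not match but still shows a 2009 compile timestamp, linker 6.0, entropy above 7.5 and the NullsoftInst marker is simply an NSIS-packed installer whose payload still needs to be inspected rather than a known-good file.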

The file google-chrome.exe has been seen being distributed by the following URL.

Remove google-chrome.exe - Powered by Reason Core Security