google-chrome.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager, a bundler that wraps a wanted application with offers for additional third-party software, mostly unwanted adware, and that may install those offers with minimal consent. The file google-chrome.exe, published by Payments Interactive SL, has been detected as adware by 26 of 68 anti-malware scanners. It is a setup application built with the TUGUU DomaIQ Setup installer: users running it expect to download Google's Chrome web browser, but before that download occurs they may be presented with additional offers, mostly potentially unwanted programs or adware. Note that the file carries a valid Authenticode signature (a DigiCert-issued certificate, valid 10/14/2013 to 12/19/2014); a valid signature establishes who published the file, not that the file is benign, so the detections below stand on their own.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
f88309dcf241d497ebd35a386aa3bfcb

SHA-1:
7cabdd1cc7d306fa0b629fcf201508caa603124f

SHA-256:
0a7025d176d2660f6cb9db057648c207921228953540dc4e6bd5831d3972d3f3
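A way to check a downloaded file against the hashes listed above, as an added Python example that is not code from this page or from Reason Core Security. It streams a file once through all three digests and reports which indicator matched; SHA-256 is treated as the authoritative match, while an MD5-only or SHA-1-only hit is reported as a lead to be confirmed, since both algorithms have practical collision attacks. The file written under `__main__` is a constructed stand-in and will not match the listed indicators.

```python
import hashlib

# Indicators copied from this page's listing (MD5, SHA-1, SHA-256 of the sample).
PAGE_IOCS = {
    "md5": "f88309dcf241d497ebd35a386aa3bfcb",
    "sha1": "7cabdd1cc7d306fa0b629fcf201508caa603124f",
    "sha256": "0a7025d176d2660f6cb9db057648c207921228953540dc4e6bd5831d3972d3f3",
}
ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex MD5/SHA-1/SHA-256 of an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Read the file once and feed every chunk to all three digests (installers can be large)."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in digests.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in digests.items()}


def match_iocs(digests: dict, iocs: dict = PAGE_IOCS) -> list:
    """Algorithms whose digest equals a listed indicator (comparison is case-insensitive)."""
    return [alg for alg, want in iocs.items() if digests.get(alg, "").lower() == want.lower()]


def verdict(digests: dict, iocs: dict = PAGE_IOCS) -> str:
    """'match' on a SHA-256 hit, 'weak-match' when only MD5/SHA-1 agree, else 'no-match'."""
    hits = match_iocs(digests, iocs)
    if "sha256" in hits:
        return "match"
    if hits:
        return "weak-match"   # MD5/SHA-1 alone: treat as a lead, confirm by SHA-256
    return "no-match"


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed stand-in file, not the real sample; its digests will not match PAGE_IOCS.
    with tempfile.NamedTemporaryFile("wb", delete=False, suffix=".exe") as tmp:
        tmp.write(b"MZ" + b"\0" * 1024)
    try:
        d = hash_file(tmp.name)
        print(d["sha256"], verdict(d))
    finally:
        os.unlink(tmp.name)
```

Running `hash_file` on the real download and getting `match` confirms it is the exact binary analysed here; a `weak-match` on MD5 alone should not be trusted without the SHA-256.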

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader whose purpose is simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:30:48 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.11413408 | 837
AegisLab AV Signature | AdWare.MSIL.DomaIQ | 2.1.4+
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | Win-PUP/DomaIQ.Gen | 2014.10.21
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.179.234
avast! | DomaIQ-BO [PUP] | 141003-0
AVG | Adware DomaIQ.DJ | 2014.0.4040
Bitdefender | Dropped:Trojan.Generic.11413408 | 1.0.20.1465
Dr.Web | Trojan.Packed.25008 | 9.0.1.05190
Emsisoft Anti-Malware | Dropped:Trojan.Generic.11413408 | 8.14.10.20.06
ESET NOD32 | Win32/DomaIQ.AK potentially unwanted application | 7.0.302.0
F-Prot | W32/A-f735a5e0 | v6.4.7.1.166
F-Secure | Dropped:Trojan.Generic.11413408 | 11.2014-20-10_2
G Data | Dropped:Trojan.Generic.11413408 | 14.10.24
IKARUS anti.virus | not-a-virus:AdWare.Win32.DomaIQ | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.184.13741
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3071
McAfee | CryptDomaIQ | 5600.6971
MicroWorld eScan | Dropped:Trojan.Generic.11413408 | 15.0.0.879
NANO AntiVirus | Trojan.Win32.Agent.ddrpmp | 0.28.2.62841
Quick Heal | Adware.DomaIQ.BT5 | 10.14.14.00
Reason Heuristics | PUP.PaymentsInteractiveSL.N | 14.10.20.17
Sophos | DomainIQ pay-per install | 4.98
Vba32 AntiVirus | OScope.Downware.DomaIQ | 3.12.26.3
VIPRE Antivirus | Threat.4783235 | 33706
Zillya! Antivirus | Adware.DomaIQ.Win32.313 | 2.0.0.1960

File size:
541.1 KB (554,096 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
10/14/2013 8:00:00 PM

Valid to:
12/19/2014 7:00:00 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Puntagorda, S=Santa Cruz de Tenerife / Canarias, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
060CE3456FDDB3F98DA9EDA1B876842F

File PE Metadata
Compilation timestamp:
10/23/2013 6:14:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:R5I7rswLGjMm46TTbA9w3fNeCNusMV3Ahay:RO9qjMmTbik1eGPMFiH

Entry address:
0xD206

Entry point:
E8, AE, 59, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 98, 34, 42, 00, E8, C0, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 90, A8, 42, 00, 77, 22, 6A, 04, E8, 99, 5B, 00, 00, 59, 83, 65, FC, 00, 56, E8, A0, 63, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, CC, 04, 00, 00, C3, 6A, 04, E8, 94, 5A, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 98, E0, 41, 00, 83, 3D, 34, 95, 42, 00, 00, 75, 18, E8, 60, 51, 00...

Entropy:
7.3932

Code size:
112.5 KB (115,200 bytes)
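How the File PE Metadata fields above are read out of a binary's headers, as an added Python example that is not part of this page or of Reason Core Security's tooling. It parses the DOS, COFF and PE32 optional headers and the section table with `struct`, maps the entry-point RVA through the section table to a file offset so the first entry bytes can be dumped, and computes whole-file Shannon entropy (the page's 7.3932 is close to the 8.0 maximum, which is consistent with the "Packed"/"Crypt" detections: a compressed or encrypted payload). Because the sample itself is not reproduced here, the code runs on a constructed minimal PE32 image populated with the header values listed on this page; the compile timestamp is treated as UTC (the page does not state a zone) and the 7.0 "packed" threshold is an assumed rule of thumb.

```python
import calendar
import math
import struct
from collections import Counter
from datetime import datetime, timezone

COFF_FMT = "<HHIIIHH"            # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH"   # PE32 optional header up to DllCharacteristics (72 bytes)
SECT_FMT = "<8sIIIIIIHHI"        # IMAGE_SECTION_HEADER (40 bytes)
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
PACKED_ENTROPY = 7.0             # assumed rule of thumb, not a value from the page


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the listing reports from a PE32 image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff_off = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    f = struct.unpack_from(OPT32_FMT, data, opt_off)
    magic, lnk_major, lnk_minor, size_of_code, entry_rva = f[0], f[1], f[2], f[3], f[6]
    os_major, os_minor, subsystem = f[12], f[13], f[22]
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")

    sections = []
    sect_off = opt_off + opt_size
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, *_ = struct.unpack_from(SECT_FMT, data, sect_off + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rawptr, rawsize))

    def rva_to_offset(rva: int) -> int:
        # The "entry address" is an RVA; it must be mapped through the section table to a file offset.
        for _name, va, vsize, rawptr, rawsize in sections:
            if va <= rva < va + max(vsize, rawsize):
                return rawptr + (rva - va)
        raise ValueError(f"RVA {rva:#x} lies outside every section")

    ep = rva_to_offset(entry_rva)
    entropy = shannon_entropy(data)
    return {
        "machine": f"{machine:#06x}",
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "bitness": "Win32",
        "entry_rva": entry_rva,
        "entry_bytes": data[ep:ep + 16].hex(" ").upper(),
        "code_size": size_of_code,
        "sections": [s[0] for s in sections],
        "entropy": round(entropy, 4),
        "looks_packed": entropy >= PACKED_ENTROPY,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image carrying the header values from this page; NOT the real sample."""
    ts = calendar.timegm((2013, 10, 23, 6, 14, 18))          # page's compilation timestamp, assumed UTC
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack(COFF_FMT, 0x14C, 1, ts, 0, 0, 224, 0x0102)   # i386, one section, PE32 optional header
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 9, 0,                                  # PE32 magic, linker 9.0
                      115200, 0, 0, 0xD206, 0xD000, 0xE000,         # SizeOfCode, ..., AddressOfEntryPoint, bases
                      0x400000, 0x1000, 0x200,                      # ImageBase, SectionAlignment, FileAlignment
                      5, 0, 0, 0, 5, 0,                             # OS 5.0, image 0.0, subsystem 5.0
                      0, 0xE000, 0x200, 0,                          # Win32Version, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0,                                         # Subsystem = Windows GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + b"\0" * 128   # stacks/heaps, loader flags, 16 dirs
    sect = struct.pack(SECT_FMT, b".text", 0x400, 0xD000, 0x400, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytearray(0x400)
    text[0x206:0x216] = bytes.fromhex("E8AE590000E978FEFFFF6A0C68983442")   # first 16 entry bytes quoted on the page
    return headers + bytes(text)


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print(f"{key:>17}: {value}")
```

The constructed image is mostly zero padding, so its entropy is low; on the real 541 KB sample the same function yields the high value reported above, which is why a packer or crypter is the first thing to look for when unpacking it for further analysis.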

The file google-chrome.exe has been observed being distributed from the following URL.

Remove google-chrome.exe - Powered by Reason Core Security