google-chrome.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google-chrome.exe by Payments Interactive SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
358d4a93e61bb6a6b26b738fb0021778

SHA-1:
b1788a8436351174bdb33415fd99060b785671ce

SHA-256:
382b0812c2c62f3ca490c04ed2435bcc8a28a5e1c9a94061d0d84bfce2220850

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/25/2024 3:27:57 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139070
1021

Agnitum Outpost
PUA.DomaIQ
7.1.1

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.142.186

avast!
Win32:Installer-AH [PUP]
2014.9-140411

AVG
MalSign.Generic
2015.0.3508

Bitdefender
Gen:Variant.Adware.Graftor.139070
1.0.20.550

Comodo Security
Application.Win32.DomaIQ.PUP
18086

Dr.Web
Adware.Downware.2630
9.0.1.0110

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139070
8.14.04.20.11

ESET NOD32
Win32/DomaIQ.BB (variant)
8.9665

F-Secure
Gen:Variant.Adware.Graftor.139070
11.2014-20-04_1

G Data
Gen:Variant.Adware.Graftor.139070
14.4.24

K7 AntiVirus
Unwanted-Program
13.176.11721

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.3988

Malwarebytes
PUP.Optional.DomaIQ
v2014.04.20.11

MicroWorld eScan
Gen:Variant.Adware.Graftor.139070
15.0.0.330

Panda Antivirus
PUP/MultiToolbar.A
14.04.11.10

Reason Heuristics
PUP.PaymentsInteractiveSL.N
14.8.7.23

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
DomaIQ
28194

File size:
620.4 KB (635,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
10/14/2013 8:00:00 PM

Valid to:
12/19/2014 7:00:00 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Puntagorda, S=Santa Cruz de Tenerife / Canarias, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
060CE3456FDDB3F98DA9EDA1B876842F

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m8L7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJw7YCG:vSnD8rAe0CjGA9fWXkclV1lJ+G

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 
[+]

Entropy:
5.9280

Code size:
111 KB (113,664 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

Remove google-chrome.exe - Powered by Reason Core Security