google-chrome.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google-chrome.exe by Payments Interactive SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. With this installer, users are expecting to download Google's Chrome web browser but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
9e1bd6123b8aba9b354cf8979f33a9bf

SHA-1:
db25f3f8949c7c4a0b4b437ca590189cef853c1d

SHA-256:
15021baec6cb3c8fe863c7de54ad4e8c76ffae40cc929ddc361ff74cad4589a7

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 4:24:37 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139070
1021

Agnitum Outpost
PUA.DomaIQ
7.1.1

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.142.186

avast!
Win32:Installer-AH [PUP]
2014.9-140411

AVG
MalSign.Generic
2015.0.3508

Bitdefender
Gen:Variant.Adware.Graftor.139070
1.0.20.550

Comodo Security
Application.Win32.DomaIQ.PUP
18086

Dr.Web
Adware.Downware.2630
9.0.1.0110

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139070
8.14.04.20.11

ESET NOD32
Win32/DomaIQ.BB (variant)
8.9665

F-Secure
Gen:Variant.Adware.Graftor.139070
11.2014-20-04_1

G Data
Gen:Variant.Adware.Graftor.139070
14.4.24

K7 AntiVirus
Unwanted-Program
13.176.11721

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.3988

Malwarebytes
PUP.Optional.DomaIQ
v2014.04.20.11

MicroWorld eScan
Gen:Variant.Adware.Graftor.139070
15.0.0.330

Panda Antivirus
PUP/MultiToolbar.A
14.04.11.10

Reason Heuristics
PUP.PaymentsInteractiveSL.N
14.8.7.23

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
DomaIQ
28194

File size:
620.4 KB (635,328 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
10/14/2013 8:00:00 PM

Valid to:
12/19/2014 7:00:00 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Puntagorda, S=Santa Cruz de Tenerife / Canarias, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
060CE3456FDDB3F98DA9EDA1B876842F

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m8L7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJw7YHz:vSnD8rAe0CjGA9fWXkclV1lJ7z

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 
[+]

Entropy:
5.9280

Code size:
111 KB (113,664 bytes)

The file google-chrome.exe has been seen being distributed by the following URL.

Remove google-chrome.exe - Powered by Reason Core Security