java.exe

Clovermedia SL

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application java.exe by Clovermedia SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The installer is marketed through download portals and search ads as the free Oracle Java Runtime but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Clovermedia SL  (signed and verified)

MD5:
2f856e4d459962e91a245ae10f51cc78

SHA-1:
40c613354c49124254e5fa4de5965e9f5f557235

SHA-256:
fdd2cc5645e5e7004a383418310db0e97302f9c34e47e56e686807090f686513

Scanner detections:
20 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/25/2024 12:49:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.941455 | 1002 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.147.170 |
| AVG | DomaIQ | 2015.0.3480 |
| Bitdefender | Adware.Generic.941455 | 1.0.20.640 |
| Dr.Web | Trojan.Packed.26636 | 9.0.1.0128 |
| Emsisoft Anti-Malware | Adware.Generic.941455 | 8.14.05.08.06 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9760 |
| F-Secure | Adware.Generic.941455 | 11.2014-08-05_5 |
| G Data | Adware.Generic.941455 | 14.5.24 |
| K7 AntiVirus | Unwanted-Program | 13.177.12013 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3911 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.05.05.05 |
| McAfee | PUP-FJP!592AF1822EE8 | 5600.7136 |
| MicroWorld eScan | Adware.Generic.941455 | 15.0.0.384 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.05.05 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.ClovermediaSL.E | 14.5.5.16 |
| Sophos | Generic PUA FA | 4.98 |
| VIPRE Antivirus | DomaIQ | 28896 |

File size:
800.5 KB (819,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\java.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
4/29/2014 2:14:21 PM

Valid to:
4/30/2015 2:14:21 PM

Subject:
E=media@clovermediainter.com, CN=Clovermedia SL, O=Clovermedia SL, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121FAB97DC7FB0477755E47A50ECFDC36A0

File PE Metadata
Compilation timestamp:
5/5/2014 12:51:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:O8pVRWw6fX9+wfupc32/zBj5dy7H5cmaduICyIOspJI5qt3td:OOVcftjfqrNn2W8I/IOMzt3td

Entry address:
0x3D77

Entry point:
E8, 61, 2D, 00, 00, E9, 39, FE, FF, FF, E9, 8E, 13, 00, 00, 3B, 0D, 20, 82, 42, 00, 75, 02, F3, C3, E9, 8D, 36, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 4C, CF, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 28, 82, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F...
 

Code size:
110 KB (112,640 bytes)
