java.exe

Payments Interactive sl

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application java.exe by Payments Interactive sl has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. With this installer, users expect to download the free Oracle Java Runtime, but before that occurs they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Payments Interactive sl  (signed and verified)

MD5:
b7df8fa64c23b2350b43e49aa9e3d3cd

SHA-1:
a6364ea10281ddd1fd634922a981025da044e072

SHA-256:
d5ab937e433bf1dff40491acc7e301e289d463819d495779e225404205df1e00

Scanner detections:
24 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/30/2024 10:30:29 AM UTC

Scan engine               Detection                                        Engine version
Lavasoft Ad-Aware         Adware.Generic.947844                            974
Agnitum Outpost           PUA.DomaIQ                                       7.1.1
Avira AntiVirus           APPL/DomaIQ.Gen                                  7.11.153.118
AVG                       Adware DomaIQ.AF                                 2014.0.3955
Bitdefender               Adware.Generic.947844                            1.0.20.785
Dr.Web                    Trojan.Packed.24553                              9.0.1.05190
Emsisoft Anti-Malware     Adware.Generic.947844                            8.14.06.06.07
ESET NOD32                MSIL/DomaIQ.F potentially unwanted application   7.0.302.0
F-Secure                  Adware.Generic.947844                            11.2014-06-06_6
G Data                    Adware.Generic.947844                            14.6.24
IKARUS anti.virus         AdWare.DomaIQ                                    t3scan.1.6.1.0
K7 AntiVirus              Unwanted-Program                                 13.1712319
Kaspersky                 not-a-virus:HEUR:AdWare.MSIL.DomaIQ              14.0.0.3753
Malwarebytes              PUP.Optional.DomaIQ                              v2014.06.06.07
McAfee                    Artemis!DC4B5D1F3705                             5600.7108
MicroWorld eScan          Adware.Generic.947844                            15.0.0.471
NANO AntiVirus            Trojan.Win32.DomaIQ.csnymv                       0.28.0.60100
Panda Antivirus           PUP/MultiToolbar.A                               14.06.06.07
Quick Heal                AdWare.MSIL.r3 (Not a Virus)                     6.14.14.00
Reason Heuristics         PUP.PaymentsInteractivesl.E                      14.8.7.23
Sophos                    Generic PUA IC                                   4.98
SUPERAntiSpyware          PUP.DomaIQ/Variant                               10560
Vba32 AntiVirus           suspected of Trojan.Downloader.gen.h             3.12.26.0
VIPRE Antivirus           Threat.4783235                                   29800

File size:
173.5 KB (177,640 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/9/2012 9:27:23 PM

Valid to:
10/9/2013 4:10:38 PM

Subject:
CN=Payments Interactive sl, O=Payments Interactive sl, L=Puntagorda, S=S.C Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277606F12C2592

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:boPyys5jXJ6qICWO+y1oGj80RVo6KcwY6n4Bw0BbMeGSk+CuMhC1pGY:bzfNWO+z8PKjY6n4BwIoSk+X5pGY

Entry address:
0x323F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 98, 27, 7A, 00, E8, 09, 2C, 00, 00, A3, E4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, E0, 1E, 7A, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file java.exe has been seen being distributed by the following URL.
