microsoft-silverlight.exe

The application microsoft-silverlight.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from downloads.gufile.com.
MD5:
48893c6330371cd75c3c27dcc45b141f

SHA-1:
2ee9875f737a571448249069cff527c733ba0cb4

SHA-256:
d23b2aeec0a37477c158126d0bc14db095d73b913676446a08ce0af7ecaf227d

Scanner detections:
20 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/9/2024 12:50:45 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.DomaIQ.J | 861
AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.10
Avira AntiVirus | APPL/DomaIQ.cpb | 7.11.159.224
avast! | Win32:DomaIQ-BS [PUP] | 2014.9-140926
AVG | Downloader.Generic13.CIAR.dropper | 2015.0.3267
Bitdefender | Application.Bundler.DomaIQ.J | 1.0.20.1345
Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 14.09.26
ESET NOD32 | Win32/DomaIQ.BK (variant) | 8.10075
F-Secure | Application.Bundler.DomaIQ | 11.2014-26-09_6
G Data | Application.Bundler.DomaIQ | 14.9.24
herdProtect (fuzzy) | | 2014.12.8.11
K7 AntiVirus | Unwanted-Program | 13.180.12683
Kaspersky | not-a-virus:HEUR:AdWare.MSIL.DomaIQ | 14.0.0.2829
Malwarebytes | PUP.Optional.Dropper.BL | v2014.12.08.06
McAfee | CryptDomaIQ | 5600.6923
Microsoft Security Essentials | TrojanDownloader:Win32/Tugspay.A | 1.10701
MicroWorld eScan | Application.Bundler.DomaIQ.J | 15.0.0.807
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10336
Total Defense | Win32/Tnega.FTPFKOB | 37.0.11200
VIPRE Antivirus | Trojan.Win32.Generic | 31144

File size:
302.2 KB (309,432 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\microsoft-silverlight.exe

File PE Metadata
Compilation timestamp:
7/7/2014 4:47:05 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:b+LjhEB1aWggNOpqY8zzBZ9iEVXZZNTlCdXxiI0Y3:b+Llmdgg4nyXZZZNT6hXn

Entry address:
0x24FB

Entry point:
B8, 24, 45, 4C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 72, 74, 34, 67, 33, 76, 62, 6E, 79, 33, 00, B4, E4, 29, E3, D1, CA, F1, AE, F6, 03, C9, 28, 49, 32, 00, 28, B1, 7D, 2E, 03, 46, BE, 83, 9E, CC, DF, 89, 69, AF, D8, C9, 65, 75, 99, FC, 96, 61, 9B, 4F, 93, 35, 85, 5A, 0A, 72, 1A, 44, 65, DA, A2, CB, 95, 43, 97, E6, 41, 68, D3, 73, DE, D3, C9, E2, D7, 78, 8F, FC, AE, 25, 63, 02, 7F, 66, 27, 16, 9D, A6, F9, 4B, EC, EA, D6, 7E, 59, E4, D3, EC, E2, 7A, 10, F1, 83, 9B...
 

Entropy:
7.9882  (probably packed)

Code size:
109.5 KB (112,128 bytes)

The file microsoft-silverlight.exe has been seen being distributed by the following URL.
