player.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Payments Interactive SL has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer and, during installation, bundles potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from dlp.cloudfile002.com.
Publisher:
Payments Interactive SL (signed and verified)

MD5:
dbdb65ee9b512c6b82b7a9d084027d74

SHA-1:
6052a36c71e0c18d93f68d4c4a65d3299a4bfe58

SHA-256:
9e35c4197ae49a5715be9decb71543f2aa11314e66ef772483534b4fb243857a

Scanner detections:
21 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/8/2024 8:48:18 PM UTC

Scan engine          Detection                        Engine version
Agnitum Outpost      PUA.DomaIQ                       7.1.1
AhnLab V3 Security   PUP/Win32.DomaIQ                 14.04.15
Avira AntiVirus      APPL/DomaIQ.AUP                  7.11.143.156
avast!               Win32:DomaIQ-BD [PUP]            2014.9-140415
AVG                  Skodna.Bundle_r.T                2015.0.3503
Comodo Security      Application.Win32.DomaIQ.X       18110
Dr.Web               Adware.Downware.2011             9.0.1.0105
ESET NOD32           Win32/DomaIQ.AY.gen (variant)    8.9680
F-Secure             Adware:W32/DomaIQ                11.2014-15-04_3
K7 AntiVirus         Unwanted-Program                 13.176.11770
Kaspersky            not-a-virus:AdWare.MSIL.DomaIQ   14.0.0.4012
Malwarebytes         PUP.Optional.BundleInstaller.A   v2014.04.15.01
McAfee               RDN/Generic.bfr!gd               5600.7159
NANO AntiVirus       Riskware.Win32.DomaIQ.cspmgz     0.28.0.59288
Panda Antivirus      PUP/MultiToolbar.A               14.04.15.01
Quick Heal           Adware.Domal.A5                  4.14.12.00
Reason Heuristics    PUP.PaymentsInteractiveSL.G      14.8.7.23
Rising Antivirus     PE:PUF.DomaIQ!1.9DE0             23.00.65.14413
Sophos               Generic PUA EB                   4.98
Vba32 AntiVirus      AdWare.MSIL.DomaIQ               3.12.26.0
VIPRE Antivirus      DomaIQ                           28256

File size:
454.6 KB (465,536 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
10/14/2013 8:00:00 PM

Valid to:
12/19/2014 7:00:00 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Puntagorda, S=Santa Cruz de Tenerife / Canarias, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
060CE3456FDDB3F98DA9EDA1B876842F

File PE Metadata
Compilation timestamp:
1/17/2014 12:50:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:ZvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlX:U/kviXzdcH6N9h/Vl45aPU4EEkdBblR

Entry address:
0xC4D7

Entry point:
E8, 10, 56, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 60, 21, 42, 00, E8, 6F, 09, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 60, 88, 42, 00, 77, 22, 6A, 04, E8, FB, 57, 00, 00, 59, 83, 65, FC, 00, 56, E8, 02, 60, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 7B, 09, 00, 00, C3, 6A, 04, E8, F6, 56, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, D0, 41, 00, 83, 3D, 14, 84, 42, 00, 00, 75, 18, E8, 18, 49, 00...

Entropy:
7.3683

Code size:
110.5 KB (113,152 bytes)

The file player.exe has been seen being distributed from dlp.cloudfile002.com.

Remove player.exe - Powered by Reason Core Security