home

player_setup.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player_setup.exe by Payments Interactive SL has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
bf291fecb038d4b5cec84256267f959f

SHA-1:
1fbffed59e359d1f7256f43cb032c7631eab2ebf

SHA-256:
d0b946e45885f0a41673340aef1b699eab5d4f2d7df1c83394a4794e21ab6eee

Scanner detections:
10 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/8/2024 10:49:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.150.172

avast!
Win32:DomaIQ-BO [PUP]
140516-1

AVG
Generic
2015.0.3468

ESET NOD32
Win32/DomaIQ.BF potentially unwanted application
7.0.302.0

G Data
Win32.Trojan-Downloader.Lisp
14.5.24

Kaspersky
not-a-virus:AdWare.Win32.Lollipop
14.0.0.3837

Malwarebytes
PUP.Optional.Domalq
v2014.05.20.02

Panda Antivirus
PUP/MultiToolbar.A
14.05.20.02

Reason Heuristics
PUP.Installer.PaymentsInteractiveSL.P
14.8.7.23

VIPRE Antivirus
Threat.4783235
29418

File size:
318.5 KB (326,096 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player_setup.exe

Digital Signature
Signed by:
Payments Interactive SL

Authority:
GoDaddy.com, Inc.

Valid from:
12/5/2013 3:09:43 PM

Valid to:
12/5/2014 3:09:43 PM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Adeje, S=Santa cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EAD03AB9EAF7D

File PE Metadata
Compilation timestamp:
5/20/2014 11:40:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:7eidHJ777Xe6bqdzG6qPlyJzExT9JanP2QqkbKPnoYqVf:7eidHB/9WdzGSEx5XQDbKPOVf

Entry address:
0x4D24

Entry point:
B8, A8, 9C, 4A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 70, 65, 63, 4F, 4D, 50, 41, 43, 54, 33, 00, 7F, DB, C9, 82, C0, 11, 02, E2, 89, 81, D3, 95, 0C, 7C, 20, 38, 86, 2A, 03, 03, C8, 99, F3, A4, E6, 2C, 9C, 90, 48, 90, 0C, 6D, B9, 86, 96, 1C, 54, DA, 5F, BA, 79, 42, 2D, 8D, 0A, FA, 7A, 2A, ED, 67, D1, AB, FF, B6, 66, AD, 25, F2, 3B, 02, B5, D4, 24, 85, 80, 46, 4D, EF, AF, 7E, 96, BE, D0, 68, 6D, 3E, 94, 2C, 2A, EA, 15, 97, EF, 7E, 3A, A9, FF, 97, BC, DC, 45, 41, CF...
 
[+]

Code size:
108.5 KB (111,104 bytes)

Remove player_setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.