roblox.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install those offers with minimal consent. The application roblox.exe by Payments Interactive SL has been detected as adware by 7 of 68 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from ttb.adcdls.com. It carries a valid Authenticode signature issued to Payments Interactive SL; a valid signature only identifies the publisher and does not indicate that the file or its bundled offers are safe or wanted.
Publisher:
Payments Interactive SL (signed and verified)

MD5:
5006f6fe04b13ceaec36d9b321fe0cdd

SHA-1:
3fa67096b792d1b0e957165e04a979d0353aa010

SHA-256:
24d6636c79d2d4a18ea73b31b250a738507d22fc6ae406c9f4492c5eb3294b02

Scanner detections:
7 / 68

Status:
Adware

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 4:30:39 PM UTC

Scan engine          Detection                         Engine version
Avira AntiVirus      APPL/DomaIQ.Gen                   7.11.134.58
Dr.Web               Trojan.MulDrop5.9989              9.0.1.061
ESET NOD32           Win32/DomaIQ.BA (variant)         8.9491
Kaspersky            not-a-virus:AdWare.MSIL.DomaIQ    14.0.0.4230
Malwarebytes         PUP.Optional.Domalq               v2014.03.02.10
Panda Antivirus      PUP/MultiToolbar.A                14.03.02.10
Reason Heuristics    PUP.PaymentsInteractiveSL.G       14.8.7.23

File size:
367.8 KB (376,632 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\roblox.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/7/2014 5:58:55 AM

Valid to:
2/7/2015 5:58:55 AM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, L=Adeje, S=Santa cruz de Tenerife, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B974AA267457F

File PE Metadata
Compilation timestamp:
3/1/2014 1:10:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:dWpkbJvLBgM4QoRmQ3BxbEhlgB+djvXHQ5bjVO8x56Yuk:KI1LBg9QoRmQxxbylqgvXHQbOm5gk

Entry address:
0x377B

Entry point:
E8, BB, 55, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, CC, 63, 41, 00, FF, 15, 60, 00, 41, 00, 85, C0, 75, 18, 56, E8, 35, 42, 00, 00, 8B, F0, FF, 15, 5C, 00, 41, 00, 50, E8, E5, 41, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 0C, 68, A8, 2D, 41, 00, E8, 65, 42, 00, 00, 6A, 0E, E8, 7E, 57, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, EC, 57, 41, 00, BA, E8, 57, 41, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A...

Entropy:
6.4097

Code size:
57 KB (58,368 bytes)
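The digests, the PE header fields and the entropy value listed above are the data points an analyst reproduces on a suspect copy before trusting a listing. The following Python is an added example, not code from this page or from Reason Core Security: it hashes a file's bytes against the page's published MD5/SHA-1/SHA-256, parses the COFF and optional header for the compilation timestamp, linker and OS versions, subsystem and entry address, and computes Shannon entropy over the bytes. Because the real roblox.exe is not available offline, `build_minimal_pe` constructs a header-only PE32 stand-in carrying the page's metadata values; its hashes will not match the page's, which the IoC check correctly reports as no match. `PAGE_IOCS`, `SUBSYSTEMS`, `MACHINES` and the function names are assumptions of this example.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes the page publishes for this roblox.exe sample, used here as the IoC set.
PAGE_IOCS = {
    "md5": "5006f6fe04b13ceaec36d9b321fe0cdd",
    "sha1": "3fa67096b792d1b0e957165e04a979d0353aa010",
    "sha256": "24d6636c79d2d4a18ea73b31b250a738507d22fc6ae406c9f4492c5eb3294b02",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0x1C4: "ARM", 0xAA64: "ARM64"}


def hash_blob(data: bytes) -> dict:
    """MD5 / SHA-1 / SHA-256 of a file's bytes, the three digests the page lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> list:
    """Names of the hash algorithms under which `data` equals the listed sample."""
    digests = hash_blob(data)
    return [alg for alg, want in iocs.items() if digests[alg] == want.lower()]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF / optional-header fields shown under 'File PE Metadata'."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsect, tstamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # optional header follows the 20-byte COFF header
    magic, maj_link, min_link, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # The offsets below are identical for PE32 (0x10b) and PE32+ (0x20b).
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine": MACHINES.get(machine, f"{machine:#x}"),
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc).isoformat(),
        "linker_version": f"{maj_link}.{min_link}",
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point": f"{entry:#x}",
        "size_of_code": size_of_code,
    }


def build_minimal_pe(timestamp: int, entry: int, size_of_code: int = 58368) -> bytes:
    """Constructed stand-in: a header-only PE32 image, NOT the real roblox.exe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)         # e_lfanew: PE header right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)                          # PE32 optional header is 224 bytes
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, size_of_code)  # magic, linker 10.0
    struct.pack_into("<I", opt, 16, entry)         # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)         # MajorOS.MinorOS = 5.1 (Windows XP)
    struct.pack_into("<H", opt, 68, 2)             # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # 1393679434 is 2014-03-01 13:10:34 UTC, the compilation timestamp the page lists.
    sample = build_minimal_pe(1393679434, 0x377B)
    print(parse_pe_header(sample))
    print("entropy:", round(shannon_entropy(sample), 4))
    print("matches page IoCs:", matches_iocs(sample))   # [] because the stand-in is not the sample
```

On a real download, `parse_pe_header(open(path, "rb").read())` and `matches_iocs(...)` give the fields to compare against the listing; the stand-in has no sections, so section-level entropy and import analysis are not shown here.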

The file roblox.exe has been seen being distributed from the URL ttb.adcdls.com.

Remove roblox.exe - Powered by Reason Core Security