setup.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Payments Interactive SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.
Publisher:
Payments Interactive SL  (signed and verified)

MD5:
562013eef74e3f02c49711eab3736d80

SHA-1:
879d71c210fed1b8cc5879875285dfd43abfabba

SHA-256:
a65cb5e74fb3876649dbe14da6c4fa2f36a0f5b4c3d3990aaf2e2543958bccb3

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/28/2024 5:30:30 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.DomaIQ.3
953

Agnitum Outpost
PUA.DomaIQ
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.06.28

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.157.100

avast!
PUP-gen [PUP]
140617-1

AVG
Adware Skodna.Bundle_r.Y
2014.0.3972

Baidu Antivirus
Adware.Win32.DomaIQ
4.0.3.14627

Bitdefender
Gen:Variant.Application.Bundler.DomaIQ.3
1.0.20.890

Comodo Security
Application.Win32.DomaIQ.URT
18685

Dr.Web
Trojan.DownLoader9.21779
9.0.1.05190

ESET NOD32
Win32/DomaIQ.AZ potentially unwanted application
7.0.302.0

F-Prot
W32/DomaIQ.D3.gen
v6.4.7.1.166

F-Secure
Adware:W32/DomaIQ
11.2014-27-06_6

G Data
Gen:Variant.Application.Bundler.DomaIQ
14.6.24

IKARUS anti.virus
AdWare.DomaIQ
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.180.12538

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
15.0.0.463

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.06.27.10

McAfee
CryptDomaIQ
5600.7087

MicroWorld eScan
Gen:Variant.Application.Bundler.DomaIQ.3
15.0.0.534

NANO AntiVirus
Trojan.Win32.DomaIQ.ctadmg
0.28.0.60475

Panda Antivirus
PUP/MultiToolbar.A
14.06.27.10

Quick Heal
AdWare.MSIL.r3 (Not a Virus)
6.14.14.00

Reason Heuristics
PUP.Installer.PaymentsInteractiveSL.K
14.8.7.23

Sophos
DomainIQ pay-per install
4.98

SUPERAntiSpyware
Adware.DomaIQ/Variant
10518

Vba32 AntiVirus
BScope.Downware.DomaIQ
3.12.26.3

VIPRE Antivirus
Threat.4150696
29708

Zillya! Antivirus
Adware.DomaIQ.Win32.132
2.0.0.1839

File size:
314.1 KB (321,656 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/27/2013 10:00:00 PM

Valid to:
11/28/2014 9:59:59 PM

Subject:
CN=Payments Interactive SL, O=Payments Interactive SL, STREET=Camino las fayeras 1, L=Puntagorda, S=Santa cruz de Tenerife, PostalCode=38789, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9CDF60C136552E24EDA78215D3EE028

File PE Metadata
Compilation timestamp:
2/6/2014 10:50:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:pV24jwnTGLyoE2fsAu6i6xgB1A/QXoCPk96zmOYCB:pV2mwnTyyoE2fsz6xgBu1CpB

Entry address:
0x1573

Entry point:
E8, BF, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40...
 
[+]

Code size:
30.5 KB (31,232 bytes)

Remove setup.exe - Powered by Reason Core Security