» setup.exe
Overview
Analysis
File Details

setup.exe

Payments Interactive SL

This is the Tuguu DomaIQ download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Payments Interactive SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.

File name:

setup.exe

Publisher:

Payments Interactive SL (signed and verified)

MD5:

562013eef74e3f02c49711eab3736d80

SHA-1:

879d71c210fed1b8cc5879875285dfd43abfabba

SHA-256:

a65cb5e74fb3876649dbe14da6c4fa2f36a0f5b4c3d3990aaf2e2543958bccb3

Scanner detections:

29 / 68

Status:

Adware

Explanation:

Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/8/2024 6:56:14 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.DomaIQ.3

953

Agnitum Outpost

PUA.DomaIQ

7.1.1

AhnLab V3 Security

PUP/Win32.DomaIQ

2014.06.28

Avira AntiVirus

APPL/DomaIQ.Gen

7.11.157.100

avast!

PUP-gen [PUP]

140617-1

AVG

Adware Skodna.Bundle_r.Y

2014.0.3972

Baidu Antivirus

Adware.Win32.DomaIQ

4.0.3.14627

Bitdefender

Gen:Variant.Application.Bundler.DomaIQ.3

1.0.20.890

Comodo Security

Application.Win32.DomaIQ.URT

18685

Dr.Web

Trojan.DownLoader9.21779

9.0.1.05190

ESET NOD32

Win32/DomaIQ.AZ potentially unwanted application

7.0.302.0

F-Prot

W32/DomaIQ.D3.gen

v6.4.7.1.166

F-Secure

Adware:W32/DomaIQ

11.2014-27-06_6

G Data

Gen:Variant.Application.Bundler.DomaIQ

14.6.24

IKARUS anti.virus

AdWare.DomaIQ

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.180.12538

Kaspersky

not-a-virus:AdWare.MSIL.DomaIQ

15.0.0.463

Malwarebytes

PUP.Optional.BundleInstaller.A

v2014.06.27.10

McAfee

CryptDomaIQ

5600.7087

MicroWorld eScan

Gen:Variant.Application.Bundler.DomaIQ.3

15.0.0.534

NANO AntiVirus

Trojan.Win32.DomaIQ.ctadmg

0.28.0.60475

Panda Antivirus

PUP/MultiToolbar.A

14.06.27.10

Quick Heal

AdWare.MSIL.r3 (Not a Virus)

6.14.14.00

Reason Heuristics

PUP.Installer.PaymentsInteractiveSL.K

14.8.7.23

Sophos

DomainIQ pay-per install

4.98

SUPERAntiSpyware

Adware.DomaIQ/Variant

10518

Vba32 AntiVirus

BScope.Downware.DomaIQ

3.12.26.3

VIPRE Antivirus

Threat.4150696

29708

Zillya! Antivirus

Adware.DomaIQ.Win32.132

2.0.0.1839

File size:

314.1 KB (321,656 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

TUGUU DomaIQ Setup

Common path:

C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Payments Interactive SL

Authority:

COMODO CA Limited

Valid from:

11/27/2013 10:00:00 PM

Valid to:

11/28/2014 9:59:59 PM

Subject:

CN=Payments Interactive SL, O=Payments Interactive SL, STREET=Camino las fayeras 1, L=Puntagorda, S=Santa cruz de Tenerife, PostalCode=38789, C=ES

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D9CDF60C136552E24EDA78215D3EE028

File PE Metadata

Compilation timestamp:

2/6/2014 10:50:03 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:pV24jwnTGLyoE2fsAu6i6xgB1A/QXoCPk96zmOYCB:pV2mwnTyyoE2fsz6xgBu1CpB

Entry address:

0x1573

Entry point:

E8, BF, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40... 
[+]

Code size:

30.5 KB (31,232 bytes)

Remove setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.