Setup_V2.exe

Lunacom Interactive Ltd

This is part of Tuguu DomaIQ, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application Setup_V2.exe by Lunacom Interactive has been detected as adware by 21 anti-malware scanners. The file has been seen being downloaded from dlp.videoplayernow.com.
Publisher:
Lunacom Interactive Ltd  (signed and verified)

MD5:
487e5aa87cbb18ebae26b51240e59326

SHA-1:
dfef793c5ee42b933deb45b88b9a8c270be6a17c

SHA-256:
298105235ec44af7b6daf1fdfc691a16db8d4f10b4d4c4e5b63a025e549d22a1

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
12/26/2024 9:06:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.139070 | 1021 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.143.98 |
| avast! | Win32:DomaIQ-T [PUP] | 2014.9-140420 |
| AVG | DomaIQ | 2015.0.3505 |
| Bitdefender | Gen:Variant.Adware.Graftor.139070 | 1.0.20.550 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18104 |
| Dr.Web | Adware.Downware.2630 | 9.0.1.0104 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.139070 | 8.14.04.20.11 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9673 |
| F-Secure | Gen:Variant.Adware.Graftor.139070 | 11.2014-20-04_1 |
| G Data | Gen:Variant.Adware.Graftor.139070 | 14.4.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11737 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.4018 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.04.14.09 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.139070 | 15.0.0.330 |
| Norman | DomaIQ.CERT | 11.20140414 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.04.14.09 |
| Reason Heuristics | PUP.Installer.LunacomInteractive.I | 14.4.13.17 |
| Sophos | DomainIQ pay-per install | 4.98 |
| VIPRE Antivirus | DomaIQ | 28214 |

File size:
620.3 KB (635,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup_v2.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/5/2013 8:00:00 PM

Valid to:
12/5/2014 6:59:59 PM

Subject:
CN=Lunacom Interactive Ltd, OU="Raul Valenberg 6, ", OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lunacom Interactive Ltd, L=Tel Aviv-Jaffa, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
15E496383F5A0396A7AD86D85850D5BB

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m7L7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJwrYv:ASnD8rAe0CjGA9fWXkclV1lJb

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...

Entropy:
5.9314

Code size:
111 KB (113,664 bytes)

The file Setup_V2.exe has been seen being distributed by the following URL.
