ask-com-toolbar.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application ask-com-toolbar.exe by Tuguu S.L. has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from downloads.gufile.com.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
474a03696821339f0cfafa4fb3c4cbfb

SHA-1:
75a27eee6e85c882628ae21b83f5557597be2544

SHA-256:
22b49f7c35e1f51f05d0ee557abb06be67948e9e1bb29da47764f66661d62a87

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 7:21:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.135.30 |
| AVG | DomaIQ.W | 2015.0.3544 |
| ESET NOD32 | Win32/DomaIQ.BA (variant) | 8.9506 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.4214 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.03.06.05 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.03.06.05 |
| Reason Heuristics | PUP.TuguuSL.P | 14.8.7.18 |
| Rising Antivirus | PE:Malware.DomaIQ!6.1543 | 23.00.65.14304 |
| Sophos | Generic PUA CH | 4.98 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.24.3 |
| VIPRE Antivirus | DomaIQ | 27128 |

File size:
388.7 KB (397,992 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\ask-com-toolbar.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/9/2013 6:56:54 AM

Valid to:
12/9/2014 6:56:54 AM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B49CE87BAE8BE

File PE Metadata
Compilation timestamp:
3/4/2014 8:53:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:+SI5kqTzKcS2iJQoRPXHge7+zssn38HPhd5CnbjUW8pELYsH:YpTzxSFQoRPXgeCsYMf3WuExH

Entry address:
0x30ED

Entry point:
E8, B2, 3B, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3...
 

Entropy:
6.2756

Code size:
55 KB (56,320 bytes)

The file ask-com-toolbar.exe has been seen being distributed by the following URL.
