dvd-decrypter.exe

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that differ from the originals distributed by the author. The application dvd-decrypter.exe by TUGUU SL has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from dl.topsoft.co.uk.
Publisher:
TUGUU SL (signed and verified)

MD5:
2025c86eaeb5546e9f0eeaa6e1fe2f1c

SHA-1:
df03f8c0dd380aba2bea2e1ab96e9406287ea694

SHA-256:
43f5c2edc34f5eb16c28fcbca319457af450c0bbfea08d0b2d57c88fd0d81e04

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 2:43:57 AM UTC

Scan engine           Detection                                            Engine version
Agnitum Outpost       PUA.DomaIQ                                           7.1.1
avast!                DomaIQ-T [PUP]                                       141023-1
Dr.Web                Adware.W3i.29                                        9.0.1.05190
ESET NOD32            Win32/DomaIQ.A potentially unwanted application      7.0.302.0
G Data                NSIS.Application.DomalQ                              14.10.24
IKARUS anti.virus     AdWare.Win32.DomaIQ                                  t3scan.1.7.8.0
K7 AntiVirus          Unwanted-Program                                     13.185.13789
NANO AntiVirus        Riskware.Win32.MultiToolbar.cumktg                   0.28.2.62841
Reason Heuristics     PUP.TUGUUSL.N                                        14.10.24.19
Sophos                DomainIQ pay-per install                             4.98
VIPRE Antivirus       DomaIQ                                               34220

File size:
362.3 KB (370,952 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\dvd-decrypter.exe

Digital Signature
Signed by:
TUGUU SL
Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2012 4:02:02 PM

Valid to:
5/3/2013 4:02:02 PM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
079402776DB199

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:hsKV5gniIFagpiou+4k1yak6WHKV7i5fNKo3zRInv71UX8RMKGaCybEX/oBX4Vvd:BV5gniIFagpiou+4k1yaktHKVgfNKo3H

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.3645

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file dvd-decrypter.exe has been seen being distributed by the following URL.
