flashplayer_v.149150152b.exe

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. The installers it distributes are modified and are not the same as the originals distributed by the software's author. The application flashplayer_v.149150152b.exe by TUGUU SL has been detected as adware by 20 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. It is marketed through download portals and search ads as the free Adobe Flash Player, but it also installs additional software offers, including adware, PUPs and browser toolbars.
Publisher:
TUGUU SL (signed and verified)

MD5:
e2bf3826487b7ca5954f53ec2ce3eb91

SHA-1:
694677411848b220c94b044b1fbaf3731942fa02

SHA-256:
8393514b70954e049cc004d64ee59213dcd40049163bc9d994db79f3cf155fe0

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 6:53:27 AM UTC

Scan engine: Detection (Engine version)
AhnLab V3 Security: Adware/Win32.DomaIQ (2014.01.07)
Avira AntiVirus: APPL/DomaIQ.Gen7 (7.11.123.202)
avast!: NSIS:DomaIQ-C [PUP] (2014.9-140224)
AVG: Agent.L (2015.0.3553)
Bkav FE: W32.Clod1ea.Trojan (1.3.0.4613)
Comodo Security: ApplicUnwnt (17565)
Dr.Web: Adware.W3i.29 (9.0.1.055)
ESET NOD32: Win32/DomaIQ (8.9257)
Fortinet FortiGate: W32/DomaIQ.E (2/24/2014)
IKARUS anti.virus: AdWare.DomaIQ (t3scan.2.2.29)
K7 AntiVirus: Trojan (13.175.10750)
Kaspersky: not-a-virus:AdWare.Win32.DomaIQ (14.0.0.4261)
Malwarebytes: PUP.FakeFlash.Domaiq (v2014.02.24.06)
McAfee: Artemis!E2BF3826487B (5600.7209)
Norman: Suspicious_Gen4.ERZRG (11.20140224)
Panda Antivirus: Adware/MultiToolbar (14.02.24.06)
Reason Heuristics: PUP.TUGUUSL.X (14.8.7.18)
Sophos: Generic PUA CF (4.96)
Vba32 AntiVirus: TScope.Trojan.MSIL (3.12.24.3)
VIPRE Antivirus: DomaIQ (25154)

File size:
420.4 KB (430,520 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2013 10:24:02 AM

Valid to:
5/3/2014 10:24:02 AM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2776B257979F9A

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:yseuA8ChB93DMOMSypVW0mu3FTGPT7uvKXcstYFSuxGjomddsjeAzjonlTi:0uAfWOypDR3FKqVFSaOHsjeAz

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9396

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flashplayer_v.149150152b.exe has been seen distributed from the following 2 URLs.
