google-chrome.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the originals distributed by the author. The application google-chrome.exe by Tuguu S.L. has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer without adequate consent. The installer is marketed through download portals and search ads as Google's Chrome web browser but will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
7f7b586abf7749a08577f9e0e2bdcf1f

SHA-1:
65ebb3b55c83efe1cd06ccaf38adddd1692ec5ed

SHA-256:
fa9289caeb9a8aafb48776ae9908d13dde670772da9e618ecb5a4766a9112e2c

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/29/2024 12:17:29 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.5 | 995
Agnitum Outpost | PUA.DomaIQ | 7.1.1
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.149.220
avast! | Win32:DomaIQ-BF [PUP] | 2014.9-140515
AVG | Skodna.Generic | 2015.0.3473
Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.3 | 1.0.20.675
Comodo Security | Application.Win32.DomaIQ.URT | 18277
Dr.Web | Trojan.DownLoader9.15042 | 9.0.1.0135
ESET NOD32 | Win32/DomaIQ.AZ (variant) | 8.9803
F-Prot | W32/DomaIQ.D3.gen | v6.4.7.1.166
F-Secure | Adware:W32/DomaIQ | 11.2014-15-05_5
G Data | Gen:Variant.Application.Bundler.DomaIQ | 14.5.24
IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12095
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3862
Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.05.15.12
McAfee | RDN/Generic PUP.x!brl | 5600.7129
MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.3 | 15.0.0.405
NANO AntiVirus | Trojan.Win32.DomaIQ.ctadmg | 0.28.0.59911
Panda Antivirus | PUP/MultiToolbar.A | 14.05.15.12
Reason Heuristics | PUP.TuguuSL.N | 14.8.7.18
Sophos | DomainIQ pay-per install | 4.98
Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.0
VIPRE Antivirus | DomaIQ | 29236
Zillya! Antivirus | Adware.DomaIQ.Win32.111 | 2.0.0.1789

File size:
312.5 KB (319,992 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\google-chrome.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/9/2013 3:56:54 PM

Valid to:
12/9/2014 3:56:54 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B49CE87BAE8BE

File PE Metadata
Compilation timestamp:
1/30/2014 7:50:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:hwbqks+CRoRwGg00jN/wfLEAy8zsH1j05sYUncjIdqIdpx1xmLcgcO9U004NOFVN:hweks+CRE0mfLS8zW1Osdnp1PuJ93PYN

Entry address:
0x1576

Entry point:
E8, CC, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40...

Code size:
30.5 KB (31,232 bytes)

Remove google-chrome.exe - Powered by Reason Core Security