google-chrome_v.117918700c.exe

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. The software distributes modified installers that differ from the originals published by the software's author. The application google-chrome_v.117918700c.exe by TUGUU SL has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It is marketed through download portals and search ads as Google's Chrome web browser, but it also installs additional software offers, including adware, PUPs and browser toolbars.
Publisher:
TUGUU SL  (signed and verified)

MD5:
0f6d47410a9841afc087a5eef04d2dac

SHA-1:
21439a7b9441b9c08ea84b523b93df25e46f5241

SHA-256:
d1113f050d41e05509c11117e3aff7cbbb4ce4a5f0f8c2d0f10c96b8932952e9

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 3:51:10 PM UTC

Scan engine            Detection                         Engine version
Agnitum Outpost        PUA.DomaIQ                        7.1.1
Avira AntiVirus        APPL/DomaIQ.Gen                   7.11.151.204
avast!                 NSIS:DomaIQ-C [PUP]               2014.9-140804
AVG                    DomalQ                            2015.0.3392
Comodo Security        ApplicUnwnt                       18347
Dr.Web                 Adware.W3i.29                     9.0.1.0216
ESET NOD32             Win32/DomaIQ                      8.9857
K7 AntiVirus           Trojan                            13.178.12212
NANO AntiVirus         Riskware.Base64.DomaIQ.cwpnap     0.28.0.59921
Norman                 Suspicious_Gen4.ERZRG             11.20140804
Panda Antivirus        PUP/MultiToolbar.A                14.08.04.12
Qihoo 360 Security     HEUR/Malware.QVM06.Gen            1.0.0.1015
Reason Heuristics      PUP.TUGUUSL.Z                     14.8.7.18
Sophos                 DomainIQ pay-per install          4.98
Vba32 AntiVirus        TScope.Trojan.MSIL                3.12.26.0
VIPRE Antivirus        DomaIQ                            29676

File size:
420.4 KB (430,464 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\google-chrome_v.117918700c.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2013 1:24:02 PM

Valid to:
5/3/2014 1:24:02 PM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2776B257979F9A

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8FRmZiOXBJVCXQAxBGuqh3OIy3Z6PZiM5:8FsdDy/qjy3Z6v5

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9404

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file google-chrome_v.117918700c.exe has been seen being distributed by the following 26 URLs.
