itunes-11.exe

Tuguu SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the originals distributed by the software's author. The application itunes-11.exe by Tuguu SL has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. Users running it expect to download Apple's iTunes, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Tuguu SL  (signed and verified)

MD5:
7d84b0a0de513c8e7601766d4c702460

SHA-1:
82af9b305cad80cb711653b6cb38c778c05883ac

SHA-256:
addf0b3cb00e7285e57ee3246f4582a7bdc3ba8c690105a3b1fcc17a778962ea

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/7/2024 6:59:50 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.627768 | 927 |
| Agnitum Outpost | Adware.DomaIQ | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.DomaIQ | 2014.07.23 |
| Avira AntiVirus | APPL/DomaIQ.Gen7 | 7.11.163.102 |
| avast! | PUP-gen [PUP] | 140617-1 |
| Bitdefender | Adware.Generic.627768 | 1.0.20.1015 |
| Dr.Web | Trojan.DownLoader10.474 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Generic.627768 | 8.14.07.22.02 |
| ESET NOD32 | Win32/DomaIQ.T.gen potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/DomaIQ | 7/22/2014 |
| F-Secure | Adware.Generic.627768 | 11.2014-22-07_3 |
| G Data | Adware.Generic.627768 | 14.7.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32.DomaIQ | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.181.12806 |
| Kaspersky | not-a-virus:AdWare.Win32.DomaIQ | 15.0.0.494 |
| Malwarebytes | PUP.Adware.DomaIQ | v2014.07.22.02 |
| McAfee | Artemis!84F73E5EBBC8 | 5600.7061 |
| MicroWorld eScan | Adware.Generic.627768 | 15.0.0.609 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cruvin | 0.28.2.60990 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.22.02 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | AdWare.DomaIQ.r3 (Not a Virus) | 7.14.14.00 |
| Reason Heuristics | PUP.TuguuSL.J | 14.8.7.18 |
| Sophos | Generic PUA NA | 4.98 |
| Trend Micro House Call | TROJ_GE.ADD46B93 | 7.2.203 |
| Vba32 AntiVirus | AdWare.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
535.9 KB (548,768 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/20/2013 12:00:00 AM

Valid to:
3/20/2014 11:59:59 PM

Subject:
CN=Tuguu SL, O=Tuguu SL, STREET=Avd Barranco de las Torres N10 Oficina 4A, L=Adeje, S=S/C de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1F4478174C3E164CE93F4AB63CBA287

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:iuoTnfwVQ8076pKJ1P70nsqDGZj8+JYtUKauqpoPV9:ijTnfwVQz+KXB18+Jo7rqCP

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
