minecraft-forge.exe

TUGUU, SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions into the setup process. The installers it distributes are modified and are not the originals published by the software's author. The application minecraft-forge.exe by TUGUU, SL has been detected as adware by 36 anti-malware scanners. It is a setup application built with the TUGUU DomaIQ Setup installer, which installs potentially unwanted software on the PC alongside the software the user intended to install, without adequate consent. The installer is marketed through download portals and search ads as Minecraft, but also installs additional software offers including adware, PUPs and browser toolbars. Note that the file carries a valid code-signing signature chained to VeriSign (see the Digital Signature section below), so a verified signature alone is no evidence that an installer is unmodified or free of bundled offers.

Publisher:
TUGUU, SL  (signed and verified)

MD5:
156235e3cff48c1743eb03f83a0efa1c

SHA-1:
7eb591b6d5da24477c909bc443ee49899bd8d53e

SHA-256:
08df2408cf1a2b9c626a4443331da92d2cc0d3b7667cfba6a39a137ae81ad1c5

Scanner detections:
36 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/19/2024 4:58:21 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 5535153
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2015.05.22
Avira AntiVirus | PUA/DomaIQ.Gen | 8.3.1.6
avast! | PUP-gen [PUP] | 150521-0
AVG | Adware DomaIQ_r.I | 2014.0.4311
Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.710
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Domaiq-206 | 0.98/20496
Comodo Security | Application.Win32.DomaIQ.PUR | 22205
Dr.Web | Trojan.MulDrop5.13477 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 10.0.0.5366
ESET NOD32 | Win32/DomaIQ.BB potentially unwanted (variant) | 9.11665
Fortinet FortiGate | Adware/DomaIQ | 5/22/2015
F-Prot | W32/A-3a7e8079 | v6.4.7.1.166
F-Secure | Adware:W32/DomaIQ | 5.14.151
G Data | Application.Bundler.DomaIQ | 15.5.25
IKARUS anti.virus | Application.Hidden_Key | t3scan.1.8.9.0
K7 AntiVirus | Trojan | 13.204.15985
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.543
Malwarebytes | Adware.DomaIQ | v2015.05.22.03
McAfee | Program.CryptDomaIQ | 18.0.204.0
Microsoft Security Essentials | TrojanDownloader:Win32/Tugspay.A | 1.199.229.0
MicroWorld eScan | Application.Bundler.DomaIQ.Q | 16.0.0.426
NANO AntiVirus | Riskware.Win32.Lolipop.cvzhot | 0.30.24.1636
Norman | Application.Bundler.DomaIQ.Q | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.Agent.564256 | 15.05.21.01
Panda Antivirus | Trj/Genetic.gen | 15.05.22.03
Quick Heal | Adware.DomaIQ.BT5 | 5.15.14.00
Reason Heuristics | PUP.Tuguu.Bundler | 15.5.21.22
Rising Antivirus | PE:Trojan.Win32.Generic.16AB1FFC!380313596 | 23.00.65.15520
Sophos | PUA 'DomainIQ pay-per install' | 5.14
SUPERAntiSpyware | Adware.DomalIQ/Variant | 9861
Total Defense | Win32/DomainIQ.BHfYaLD | 37.1.62.1
VIPRE Antivirus | Threat.4150696 | 40432
Zillya! Antivirus | Adware.DomaIQ.Win32.198 | 2.0.0.2187

File size:
551 KB (564,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\minecraft-forge.exe

Digital Signature
Signed by:
TUGUU, SL

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
11/27/2014 5:59:59 PM

Subject:
CN="TUGUU, SL", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="TUGUU, SL", L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DE894C9D18A7BB0CFA10F699F31A9A4

File PE Metadata
Compilation timestamp:
3/28/2014 5:10:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:lsWPjZjMU4p+P2DSZ21TbYFfzEp8gw28WV2Gd4+Sn6U8QHYrT15YD:lNtjMU3Wa65bwWjAiQHAT1C

Entry address:
0x3C66

Entry point:
E8, 37, 2C, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, BC, 74, 41, 00, FF, 15, 6C, B0, 40, 00, 85, C0, 75, 18, 56, E8, 4B, 0C, 00, 00, 8B, F0, FF, 15, 50, B0, 40, 00, 50, E8, 50, 0C, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 88, 71, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA...

Entropy:
5.6702

Code size:
40 KB (40,960 bytes)
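
The PE metadata fields above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size, entropy) are read directly from the IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER structures, and the hashes at the top of the report are the fastest way to match a suspect download against this sample. The following Python script is an added example written for this page, not code from TUGUU or from Reason Core Security: it parses those header fields with the standard library only, computes Shannon entropy and the MD5/SHA-1/SHA-256 hashes, and compares them against the hashes listed above. The image it parses is a constructed minimal PE header carrying the values from this report (the compile timestamp is assumed to be UTC), not the real minecraft-forge.exe, so the hash comparison returns False for it.

```python
"""Added example: derive the PE metadata fields and hash IOCs shown in this report."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Hashes copied from the report above; a file hashing to any of them is the known sample.
KNOWN_SHA256 = "08df2408cf1a2b9c626a4443331da92d2cc0d3b7667cfba6a39a137ae81ad1c5"
KNOWN_SHA1 = "7eb591b6d5da24477c909bc443ee49899bd8d53e"
KNOWN_MD5 = "156235e3cff48c1743eb03f83a0efa1c"

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MAGICS = {0x10B: "Win32", 0x20B: "Win64"}   # PE32 / PE32+


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_metadata(data: bytes) -> dict:
    """Read the fields the report lists from the COFF and optional headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                        # IMAGE_FILE_HEADER (20 bytes)
    machine, _nsect, timestamp, _, _, _optsz, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                            # IMAGE_OPTIONAL_HEADER
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in MAGICS:
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    # Offsets 16 (AddressOfEntryPoint), 40 (OS version) and 68 (Subsystem) are the
    # same for PE32 and PE32+; only fields after the stack/heap sizes differ.
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # minimum OS, 5.1 = XP
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "machine": hex(machine),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": MAGICS[magic],
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_address": entry_rva,
        "code_size": size_of_code,
        "entropy": round(shannon_entropy(data), 4),
    }


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes) -> bool:
    """True when any of the report's hashes matches the file; SHA-256 is the one to trust."""
    h = hashes(data)
    return h["sha256"] == KNOWN_SHA256 or h["sha1"] == KNOWN_SHA1 or h["md5"] == KNOWN_MD5


def build_sample_pe() -> bytes:
    """Constructed stand-in: a minimal PE32 header carrying the values from the report."""
    ts = int(datetime(2014, 3, 28, 5, 10, 27, tzinfo=timezone.utc).timestamp())  # UTC assumed
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                 # e_lfanew -> PE signature at 0x80
    hdr += b"PE\0\0"
    # Machine=i386, 1 section, timestamp, no symbols, 224-byte optional header, EXECUTABLE|32BIT
    hdr += struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 11, 0, 40960)  # PE32, linker 11.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x3C66)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                  # MajorOperatingSystemVersion 5.1
    struct.pack_into("<H", opt, 68, 2)                      # IMAGE_SUBSYSTEM_WINDOWS_GUI
    hdr += opt
    # Filler "code": the first entry-point bytes listed in the report, repeated
    code = bytes.fromhex("E8372C0000E97FFEFFFF558BEC837D080074") * 8
    return bytes(hdr) + code


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key:>15}: {value}")
    print("matches known sample:", matches_known_sample(sample))
```

Run it against a real download with parse_pe_metadata(open(path, "rb").read()) and matches_known_sample(...). Two caveats a triage analyst should keep in mind: the entropy of 5.67 reported above is for the whole file and is typical of an unpacked native executable (packed or encrypted payloads usually push past 7), and the compile timestamp (3/28/2014) falls inside the signing certificate's validity window (11/26/2013 to 11/27/2014), which is why the signature verifies cleanly even though 36 engines flag the file.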

The file minecraft-forge.exe has been seen being distributed by the following URL.

Remove minecraft-forge.exe - Powered by Reason Core Security