new player.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. It distributes modified installers that differ from the originals published by the software's author. The application new player.exe by Tuguu S.L. has been detected as adware by 12 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox328.com.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
afc703744673d4553787e99c21eac75d

SHA-1:
5b52134d12e1825961dfd78bcf8ac2e957e955c7

SHA-256:
18da0089ac8e127ed2e67169240f048844118e6e240de188bf4022f1517dd31f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/19/2024 9:42:45 PM UTC

Scan engine         Detection                           Engine version
Agnitum Outpost     PUA.Lollipop                        7.1.1
Avira AntiVirus     APPL/DomaIQ.Gen                     7.11.150.74
avast!              DomaIQ-CO [PUP]                     140516-1
AVG                 Adware DomaIQ.DQ                    2014.0.3950
ESET NOD32          Win32/DomaIQ.BF (variant)           8.9817
Kaspersky           not-a-virus:AdWare.Win32.Lollipop   14.0.0.3846
Malwarebytes        PUP.Optional.InstallRex             v2014.05.18.05
McAfee              PUP-FJP!04E311A46B99                5600.7126
Panda Antivirus     PUP/MultiToolbar.A                  14.05.18.05
Reason Heuristics   PUP.TuguuSL.K                       14.8.7.18
Sophos              Generic PUA LE                      4.98
VIPRE Antivirus     Trojan.Win32.Generic                29356

File size:
840.4 KB (860,536 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\new player.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/17/2014 5:54:13 PM

Valid to:
3/17/2015 5:54:13 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04084650990A90

File PE Metadata
Compilation timestamp:
5/14/2014 6:51:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:QWnyxeKS518uxPXr8UADJEwIzeNWyMllWDr:Dy0KS5CuxfdSJXDr

Entry address:
0x4DC4

Code size:
109 KB (111,616 bytes)

The file new player.exe has been seen being distributed by the following URL.

Remove new player.exe - Powered by Reason Core Security