player.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application player.exe by Tuguu S.L has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
4cde5542c1eb01688c7bd84520af2481

SHA-1:
8c182b14e2baf0e1d3a11af49ff6655d6399ab70

SHA-256:
22478fd2a39fbdafd97ff460388c565e231d200ec61474461d86fc73fa51e225

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/24/2024 3:22:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.7 | 993 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 14.05.18 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.150.60 |
| avast! | DomaIQ-CC [PUP] | 140516-1 |
| AVG | DomaIQ.DI | 2014.0.3950 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.8 | 1.0.20.690 |
| Comodo Security | Application.Win32.DomaIQ.CC | 18286 |
| Dr.Web | Trojan.Packed.26717 | 9.0.1.0138 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9815 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-18-05_1 |
| G Data | Gen:Variant.Application.Bundler.DomaIQ | 14.5.24 |
| IKARUS anti.virus | PUA.Tugus | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12109 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3849 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.05.18.05 |
| McAfee | PUP-FJV!4CDE5542C1EB | 5600.7127 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.8 | 15.0.0.414 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.18.05 |
| Reason Heuristics | PUP.TuguuSL.G | 14.5.18.4 |
| Sophos | Generic PUA KD | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29334 |

File size:
483 KB (494,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 4:13:51 PM

Valid to:
12/4/2014 4:13:51 PM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
5/8/2014 10:31:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:gWRaLyP7muHusP03zuO4sk08lj5R6WnFNVwhDtHbuKRF7LbPdQ0rYi:gfyPauHusmzcTVoRHq0F7VQ0R

Entry address:
0x3EFF

Entry point:
E8, 49, 2D, 00, 00, E9, 39, FE, FF, FF, E9, 74, 13, 00, 00, 3B, 0D, 20, 72, 42, 00, 75, 02, F3, C3, E9, 75, 36, 00, 00, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 6C, 9A, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 28, 72, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 6C, 9A, 42, 00, 00, 0F...
 

Code size:
107.5 KB (110,080 bytes)

The file player.exe has been seen being distributed by the following URL.
