» player_plugin.exe
Overview
Analysis
File Details
Downloads (1)

player_plugin.exe

Tuguu SL

The Tuguu download and install manager uses the DomalIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application player_plugin.exe by Tuguu SL has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.

File name:

player_plugin.exe

Publisher:

Tuguu SL (signed and verified)

MD5:

5d8a1b9136c9ce2e246d38c70e0deca3

SHA-1:

550a7d0b61345c20e7f86832ca8a82939d52d714

SHA-256:

c8a80b726249e6f2f58f3991e352eb1c9fd4e2dd32cb481b7b5d93e31b5224e5

Scanner detections:

28 / 68

Status:

Adware

Explanation:

Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/25/2024 6:50:35 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Dropped:Adware.Generic.676575

1031

Agnitum Outpost

PUA.DomaIQ

7.1.1

AhnLab V3 Security

PUP/Win32.DomaIQ

14.04.09

Avira AntiVirus

APPL/DomaIQ.B

7.11.142.58

avast!

Win32:PUP-gen [PUP]

2014.9-140409

AVG

Skodna.Bundle_r.T

2015.0.3509

Bitdefender

Dropped:Adware.Generic.676575

1.0.20.495

Comodo Security

Application.Win32.DomaIQ.X

18076

Dr.Web

Trojan.PayInt.31

9.0.1.099

Emsisoft Anti-Malware

Dropped:Adware.Generic.676575

8.14.04.09.02

ESET NOD32

Win32/DomaIQ.AY.gen (variant)

8.9656

F-Secure

Adware:W32/DomaIQ

11.2014-09-04_4

G Data

Dropped:Adware.Generic.676575

14.4.24

IKARUS anti.virus

AdWare.Installer

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.176.11711

Kaspersky

not-a-virus:AdWare.MSIL.DomaIQ

14.0.0.4042

Malwarebytes

PUP.Optional.BundleInstaller.A

v2014.04.09.02

McAfee

RDN/Generic.bfr!fq

5600.7165

MicroWorld eScan

Dropped:Adware.Generic.676575

15.0.0.297

NANO AntiVirus

Riskware.Win32.DomaIQ.cspmgz

0.28.0.59048

nProtect

Dropped:Adware.Generic.676575

14.04.09.01

Panda Antivirus

PUP/MultiToolbar.A

14.04.09.02

Quick Heal

Adware.Domal.A5

4.14.12.00

Reason Heuristics

PUP.TuguuSL.N

14.8.7.18

Rising Antivirus

PE:PUF.DomaIQ!1.9DE0

23.00.65.14407

Sophos

DomainIQ pay-per install

4.98

Vba32 AntiVirus

BScope.Downware.DomaIQ

3.12.26.0

VIPRE Antivirus

DomaIQ

28168

File size:

451.6 KB (462,432 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

TUGUU DomaIQ Setup

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\player_plugin.exe

Digital Signature

Signed by:

Tuguu SL

Authority:

COMODO CA Limited

Valid from:

3/19/2013 8:00:00 PM

Valid to:

3/20/2014 7:59:59 PM

Subject:

CN=Tuguu SL, O=Tuguu SL, STREET=Avd Barranco de las Torres N10 Oficina 4A, L=Adeje, S=S/C de Tenerife, PostalCode=38670, C=ES

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F1F4478174C3E164CE93F4AB63CBA287

File PE Metadata

Compilation timestamp:

1/20/2014 6:14:36 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:CvaqS4IR/kviXzd4N6qJFldlibYOlU/glqmOgDVL5ul94BhunZQpLzms7VFPcY2:x/kviXzdyGYr/eDVL5ul2unZatK

Entry address:

0xC4D7

Entry point:

E8, 10, 56, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 60, 21, 42, 00, E8, 6F, 09, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 60, 88, 42, 00, 77, 22, 6A, 04, E8, FB, 57, 00, 00, 59, 83, 65, FC, 00, 56, E8, 02, 60, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 7B, 09, 00, 00, C3, 6A, 04, E8, F6, 56, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, D0, 41, 00, 83, 3D, 14, 84, 42, 00, 00, 75, 18, E8, 18, 49, 00... 
[+]

Entropy:

7.3667

Code size:

110.5 KB (113,152 bytes)

The file player_plugin.exe has been seen being distributed by the following URL.

http://dlp.cloudsvr500.com/C_UVdaCMMczbbgrNgPlVC_vxQSfOkzbAJsxSXlXop2DyAxR5SZvnag6xelkImjG3C0Jt8i8d4Lr-TY6CekeuUOVCVK6VAjRWSX1YoW1IyQI

Remove player_plugin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.