player_plugin.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. It distributes modified installers that differ from the originals published by the software's author. The application player_plugin.exe by Tuguu S.L. has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer; during installation it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
Tuguu S.L. (signed and verified)

MD5:
333ef9c4656bf383687dca05c3fea9fd

SHA-1:
f1de0aa4dda028a106131ab6632cce7998ef96da

SHA-256:
5a2acc40b8a02eb5fbfabbfad72f3d5b989a13d4726fe3dc7ceaf8ab55876c78

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This behaviour is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/8/2024 4:27:47 PM UTC

Scan engine            Detection                         Engine version
Agnitum Outpost        PUA.DomaIQ                        7.1.1
Bitdefender            Dropped:Adware.Generic.663375     1.0.20.1330
F-Prot                 W32/DomaIQ.B.gen                  v6.4.7.1.166
herdProtect (fuzzy)                                      2015.9.23.7
Kaspersky              not-a-virus:AdWare.MSIL.DomaIQ    14.0.0.1383
Malwarebytes           PUP.Optional.BundleInstaller.A    v2015.09.23.07
McAfee                 Adware-DomaIQ!4375A216A4A1        5600.6634
MicroWorld eScan       Dropped:Adware.Generic.663375     16.0.0.798
NANO AntiVirus         Trojan.Win32.PayInt.csjgrm        0.28.0.58491
nProtect               Dropped:Adware.Generic.663375     14.03.24.01
Quick Heal             Adware.Domal.A5                   9.15.12.00
Reason Heuristics      PUP.Tuguu.Bundler (M)             15.8.12.8

File size:
458.6 KB (469,560 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player_plugin.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/13/2013 8:00:00 PM

Valid to:
7/18/2014 8:00:00 AM

Subject:
CN=Tuguu S.L., OU=U B76539535, O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08EC69B75B2FE31EC2C53E0E441AC0E1

File PE Metadata
Compilation timestamp:
1/6/2014 6:03:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QHFn/5EIFfwnb4ylKxh5Vn5TKLjgp8cAe4WDc46wCWFGmxllgMeN+anWl9TYK:cFfGb41xtn5ufgpLA46w5NlS3Wl9p

Entry address:
0xD182

Entry point:
E8, C4, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 18, 43, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, AF, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, B6, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, AA, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 6A, 5C, 00...

Entropy:
7.4197

Code size:
119.5 KB (122,368 bytes)

The file player_plugin.exe has been seen being distributed by the following URL.
