player_setup.exe

Tuguu SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. It distributes modified installers that are not the same as the originals distributed by the software authors. The application player_setup.exe by Tuguu SL has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox30.com.
Publisher:
Tuguu SL  (signed and verified)

MD5:
f845b590bcdbd62c2875e1685fe8b7ca

SHA-1:
4f52cdb8072749ec9d783c969d99c2c0fa01ca2e

SHA-256:
10b1b7944301d64d650280c7369cfdca83ffbfe78a15b4787d0e5d446a5330a2

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 2:52:36 AM UTC

Scan engine           Detection                          Engine version
Lavasoft Ad-Aware     Application.Generic.602430         1008
Agnitum Outpost       PUA.DomaIQ                         7.1.1
AhnLab V3 Security    PUP/Win32.DomaIQ                   14.05.02
Avira AntiVirus       APPL/DomaIQ.Gen                    7.11.146.224
avast!                Win32:DomaIQ-BM [PUP]              2014.9-140502
AVG                   DomaIQ.X                           2015.0.3486
Bitdefender           Application.Generic.602430         1.0.20.610
Comodo Security       Application.Win32.DomaIQ.PUP       18206
Dr.Web                Adware.Downware.2215               9.0.1.0122
ESET NOD32            Win32/DomaIQ.BB (variant)          8.9752
F-Secure              Adware:W32/DomaIQ                  11.2014-02-05_6
G Data                Application.Generic.602430         14.5.24
IKARUS anti.virus     AdWare.DomaIQ                      t3scan.1.6.1.0
K7 AntiVirus          Trojan                             13.177.11965
Kaspersky             not-a-virus:AdWare.MSIL.DomaIQ     14.0.0.3926
Malwarebytes          PUP.Optional.DomaIQ                v2014.05.02.08
McAfee                PUP-FJP!FFDE0F5AEFA1               5600.7142
MicroWorld eScan      Application.Generic.602430         15.0.0.366
NANO AntiVirus        Riskware.Win32.Downware.cvxwqj     0.28.0.59608
Panda Antivirus       PUP/MultiToolbar.A                 14.05.02.08
Reason Heuristics     PUP.Installer.TuguuSL.M            14.8.7.18
Rising Antivirus      PE:Malware.DomaIQ!6.1543           23.00.65.14430
Sophos                DomainIQ pay-per install           4.98
Vba32 AntiVirus       BScope.Downware.DomaIQ             3.12.26.0
VIPRE Antivirus       DomaIQ                             28798
Zillya! Antivirus     Adware.DomaIQ.Win32.178            2.0.0.1775

File size:
386.2 KB (395,496 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/19/2013 5:00:00 PM

Valid to:
3/20/2014 4:59:59 PM

Subject:
CN=Tuguu SL, O=Tuguu SL, STREET=Avd Barranco de las Torres N10 Oficina 4A, L=Adeje, S=S/C de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1F4478174C3E164CE93F4AB63CBA287

File PE Metadata
Compilation timestamp:
3/4/2014 8:53:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:qSI5kqTzKcS2iJQoRPXHge7+zssn38HPhd5CnbjUW8pE1YW:spTzxSFQoRPXgeCsYMf3WuE7

Entry address:
0x30ED

Entry point:
E8, B2, 3B, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3...

Entropy:
6.2641

Code size:
55 KB (56,320 bytes)

The file player_setup.exe has been seen being distributed by the following URL.

Remove player_setup.exe - Powered by Reason Core Security