player_setup.exe

Setup

Tuguu S.L.U.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the originals distributed by the author. The application player_setup.exe by Tuguu S.L.U. has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
Tuguu S.L.U. (signed and verified)

Product:
Setup

Version:
1.0.0

MD5:
0c1706e3d5fcd605c437d084db1b33ef

SHA-1:
63481d6ab1d794204b3e6380612569efe3fe423e

SHA-256:
e6b2468f5cb8f7d547fb6bd0184ac7115ffde7d4830b40c7eb9aa855405679e0

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not set by default and is usually overlooked.

Analysis date:
4/23/2024 1:19:18 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.DomaIQ.Q
369

Agnitum Outpost
PUA.DomaIQ
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2015.02.18

Avira AntiVirus
APPL/DomaIQ.Gen7
7.11.210.216

avast!
PUP-gen [PUP]
2014.9-160201

AVG
Adware Skodna.Generic_c
2017.0.2847

Bitdefender
Application.Bundler.DomaIQ.Q
1.0.20.160

Comodo Security
Application.Win32.DomaIQ.H
21106

Dr.Web
Adware.W3i.51
9.0.1.032

Emsisoft Anti-Malware
Application.Bundler.DomaIQ.Q
8.16.02.01.10

ESET NOD32
Win32/DomaIQ.AG potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Adware/DomaIQ_AG
2/1/2016

F-Secure
Riskware.Application.Bundler.DomaIQ
11.2016-01-02_2

G Data
Application.Bundler.DomaIQ
16.2.25

IKARUS anti.virus
Skodna.SuspectCRC
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.195.14984

Kaspersky
not-a-virus:Downloader.NSIS.DomaIQ
14.0.0.728

Malwarebytes
PUP.Optional.BundleInstaller.A
v2016.02.01.10

McAfee
Trojan.Artemis!46754D98AFEA
5600.6503

MicroWorld eScan
Application.Bundler.DomaIQ.Q
17.0.0.96

NANO AntiVirus
Riskware.Win32.DomaIQ.cvvfhb
0.30.0.65070

Norman
Application.Bundler.DomaIQ.Q
11.20160201

nProtect
Trojan-Clicker/W32.DomaIQ.841896
15.02.16.01

Panda Antivirus
PUP/MultiToolbar.A
16.02.01.10

Reason Heuristics
PUP.Tuguu.TuguuU.Bundler (M)
16.2.1.10

Rising Antivirus
PE:Trojan.Win32.Generic.15EA349C!367670428
23.00.65.16130

Sophos
PUA 'DomainIQ pay-per install'
5.10

Trend Micro House Call
TROJ_GE.A996996A
7.2.32

Trend Micro
TROJ_GE.A996996A
10.465.01

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Adware.DomaIQ.Win32.400
2.0.0.2071

File size:
822.1 KB (841,872 bytes)

Copyright:
Tuguu S.L.U.

Trademarks:
Tuguu S.L.U. 2013

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\player_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/27/2013 7:00:00 PM

Valid to:
8/27/2014 6:59:59 PM

Subject:
CN=Tuguu S.L.U., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tuguu S.L.U., L=Adeje, S=SANTA CRUZ DE TENERIFE, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
21FCDE5EAE401DF690786A73C48E74F8

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:qquuJ3z/jvPAcHtbL2uzpazN3uaLUMEpsr6IS3O2h96cm7tsfx9NWIhKUHdXZV:/ui3r8cNbpzwB+awMi23SAc5GIcWdXZV

Entry address:
0x30DE

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 27, 7A, 00, E8, F1, 2B, 00, 00, A3, A4, 26, 7A, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 68, DC, 79, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, A0, 1E, 7A, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 80, 7A, 00, 50, 57, E8, 92, 28, 00, 00...

Entropy:
7.9685

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file player_setup.exe has been seen being distributed by the following URL.
