player_setup.exe

Tuguu SLU

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that differ from the originals distributed by the author. The application player_setup.exe by Tuguu SLU has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer.
Publisher:
Tuguu SLU (signed and verified)

MD5:
da16d0dd336a3dbb3cf3d17bac399758

SHA-1:
9c2a0ff4df00c0c9c4e397050a67452837a36e05

SHA-256:
328f538dd17ece89733fe36fd4785a47f0f656132738b27bc67004774d6bd2f6

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/16/2024 9:34:04 AM UTC

Scan engine          Detection                        Engine version
Agnitum Outpost      PUA.DomaIQ                       7.1.1
Avira AntiVirus      APPL/DomaIQ.Gen                  7.11.137.124
AVG                  DomaIQ_r.G                       2015.0.3529
Dr.Web               Adware.Downware.2259             9.0.1.079
ESET NOD32           Win32/DomaIQ.BB (variant)        8.9551
herdProtect (fuzzy)                                   2014.5.15.4
IKARUS anti.virus    Win32.AdWare                     t3scan.2.2.29
K7 AntiVirus         Trojan                           13.176.11510
Kaspersky            not-a-virus:AdWare.MSIL.DomaIQ   14.0.0.4141
Malwarebytes         PUP.Optional.Domalq              v2014.03.20.06
McAfee               Artemis!01EB38A98103             5600.7185
Panda Antivirus      PUP/MultiToolbar.A               14.03.20.06
Reason Heuristics    PUP.Installer.TuguuSLU.M         14.8.7.21
Rising Antivirus     PE:Malware.DomaIQ!6.1627         23.00.65.14318
Sophos               Generic PUA CD                   4.98
Total Defense        Win32/Tnega.KCDcKOB              37.0.10829
Vba32 AntiVirus      TScope.Trojan.MSIL               3.12.24.3
VIPRE Antivirus      DomaIQ                           27468

File size:
379.9 KB (388,976 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player_setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/9/2014 5:00:00 PM

Valid to:
2/21/2015 3:59:59 PM

Subject:
CN=Tuguu SLU, O=Tuguu SLU, L=Adeje, S=S/C de Tenerife, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2257BB279AC4720BA5C67E0D2C578931

File PE Metadata
Compilation timestamp:
3/15/2014 4:17:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Tf5g6CEAyz5eNueaoG9eFsAiWAWQbx4a5Tk8Yma:Tq6JXz5esb1IFNxf7aWua

Entry address:
0x3446

Entry point:
E8, 22, 2A, 00, 00, E9, 7F, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...

Entropy:
6.2325

Code size:
38 KB (38,912 bytes)

Powered by Reason Core Security