home

samsung-kies.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomalIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application samsung-kies.exe by Tuguu S.L has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from downloads.gufile.com.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
c896cde9294706322c6bda694fce0ad2

SHA-1:
d5ba69d4cd4d1d8cb7b93ffc60d2517a940144d8

SHA-256:
1edde18ede63dfe15dda5355c885e82defb33e3c3ddbee08a81363d28a9c636f

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/20/2024 2:22:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Adware.Generic.926650
989

AhnLab V3 Security
PUP/Win32.DomaIQ
14.05.21

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.150.226

avast!
DomaIQ-CC [PUP]
140516-1

AVG
Adware DomaIQ.BB
2014.0.3950

Bitdefender
Dropped:Adware.Generic.926650
1.0.20.705

Comodo Security
Application.Win32.DomaIQ.PUQ
18308

Dr.Web
Trojan.DownLoader9.45575
9.0.1.05190

Emsisoft Anti-Malware
Dropped:Adware.Generic.926650
8.14.05.21.08

ESET NOD32
Win32/DomaIQ.BA potentially unwanted application
7.0.302.0

F-Prot
W32/DomaIQ.C.gen
v6.4.7.1.166

F-Secure
Adware:W32/DomaIQ
11.2014-21-05_4

G Data
Dropped:Adware.Generic.926650
14.5.24

IKARUS anti.virus
AdWare.DomaIQ
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.178.12155

Kaspersky
not-a-virus:AdWare.Win32.Lollipop
14.0.0.3831

Malwarebytes
PUP.Optional.DomalQ
v2014.05.21.08

McAfee
Adware-DomaIQ!C896CDE92947
5600.7123

MicroWorld eScan
Dropped:Adware.Generic.926650
15.0.0.423

NANO AntiVirus
Riskware.Win32.Lollipop.cvvfxj
0.28.0.59921

nProtect
Dropped:Adware.Generic.926650
14.05.21.01

Panda Antivirus
PUP/MultiToolbar.A
14.05.21.08

Reason Heuristics
PUP.TuguuSL.M
14.8.7.18

Sophos
DomainIQ pay-per install
4.98

Vba32 AntiVirus
BScope.Downware.DomaIQ
3.12.26.0

VIPRE Antivirus
Threat.4783235
29418

Zillya! Antivirus
Adware.DomaIQ.Win32.233
2.0.0.1797

File size:
372.6 KB (381,576 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\samsung-kies.exe

Digital Signature
Signed by:
Tuguu S.L.

Authority:
Starfield Technologies, Inc.

Valid from:
12/9/2013 3:56:54 PM

Valid to:
12/9/2014 3:56:54 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B49CE87BAE8BE

File PE Metadata
Compilation timestamp:
3/10/2014 1:25:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Yu9LQqwcT8KcLUCYVkP3LIV1sA7crKuZfMFHbyYMO:YwRwcTLcLAVkPb+1sAVofxO

Entry address:
0x326B

Entry point:
E8, 51, 44, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B...
 
[+]

Code size:
58 KB (59,392 bytes)

The file samsung-kies.exe has been seen being distributed by the following URL.

http://downloads.gufile.com/.../samsung-kies.exe

Remove samsung-kies.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.