setup.exe

tuguu sl

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by tuguu sl has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it bundles potentially unwanted software onto a user's computer without adequate consent.
Publisher:
tuguu sl  (signed and verified)

MD5:
5c9059116e385f8c25a515b5b704469c

SHA-1:
0618ebf2e4b7b19d0b17ae744507db54511dd132

SHA-256:
429f6ec2d55b5fdcbda9b4199a9e5da0f04891b01af945061ff5436d5e4d831e

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 9:32:02 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Generic.655825 | 5826990 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.11.23 |
| Avira AntiVirus | APPL/DomaIQ.Gen2 | 7.11.188.58 |
| avast! | Win32:DomaIQ-CM [PUP] | 141119-1 |
| AVG | Adware Skodna.Generic_r.HZ | 2014.0.4189 |
| Bitdefender | Dropped:Adware.Generic.655825 | 1.0.20.1630 |
| Clam AntiVirus | Win.Adware.Domaiq-47 | 0.98/21511 |
| Comodo Security | Application.Win32.Agent.D | 20164 |
| Dr.Web | Trojan.PayInt.9 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Dropped:Adware.Generic.655825 | 9.0.0.4570 |
| ESET NOD32 | MSIL/DomaIQ.N potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/DomaIQ | 11/22/2014 |
| F-Prot | W32/DomaIQ.B.gen | v6.4.7.1.166 |
| F-Secure | Adware:W32/DomaIQ | 11.2014-22-11_7 |
| G Data | Dropped:Adware.Generic.655825 | 14.11.24 |
| K7 AntiVirus | Unwanted-Program | 13.185.14098 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.543 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.11.22.06 |
| McAfee | Adware-DomaIQ | 5600.6938 |
| MicroWorld eScan | Dropped:Adware.Generic.655825 | 15.0.0.978 |
| NANO AntiVirus | Riskware.Win32.PayInt.cscjoi | 0.28.6.63474 |
| nProtect | Trojan-Clicker/W32.Agent.469416 | 14.11.21.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.11.22.06 |
| Quick Heal | Adware.Domal.A5 | 11.14.14.00 |
| Reason Heuristics | PUP.Installer.tuguusl.F | 14.11.22.18 |
| Rising Antivirus | PE:PUF.DomaIQ!1.9EEB | 23.00.65.141120 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783235 | 35010 |
| Zillya! Antivirus | Adware.Lollipop.Win32.118 | 2.0.0.1991 |

File size:
458.4 KB (469,416 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 3:06:55 PM

Valid to:
6/13/2014 3:06:55 PM

Subject:
CN=tuguu sl, O=tuguu sl, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B632A0CF95E4D

File PE Metadata
Compilation timestamp:
12/27/2013 12:55:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:GRnMgvVPOf0ZRfGM65Tzh3WEg8YSqcf2h3gLUawo1XeiWMmbAgUoYu:iOfsRfV65fg8pfORawo05JUS

Entry address:
0xD182

Entry point:
E8, C4, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 38, 43, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, AF, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, B6, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, AA, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 6A, 5C, 00...

Entropy:
7.4241

Code size:
119.5 KB (122,368 bytes)
