setup.exe

Tuguu S.L.U.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu S.L.U. has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it installs bundled potentially unwanted software on the user's computer without adequate consent.
Publisher:
Tuguu S.L.U.  (signed and verified)

MD5:
7ff5a5ddd96fd8fbdf53d20144f7854f

SHA-1:
0c84b26b7cdf7ee222ed0d7c20a2138f7d317083

SHA-256:
e140222dc73e2a2b3e745e0b3bb56779f41e6a99c428ac01fea2e433a4f93727

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/1/2024 5:25:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.11530025 | 861 |
| Agnitum Outpost | Adware.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.09.27 |
| Avira AntiVirus | APPL/DomaIQ.Gen2 | 7.11.174.236 |
| avast! | Win32:DomaIQ-BO [PUP] | 2014.9-141208 |
| AVG | Adware Skodna.Generic_r | 2015.0.3339 |
| Bitdefender | Trojan.Generic.11530025 | 1.0.20.1345 |
| Clam AntiVirus | Win.Adware.Domaiq-13 | 0.98/19441 |
| Comodo Security | Application.Win32.DMIQ.A | 19626 |
| Dr.Web | Trojan.PayInt.4 | 9.0.1.0269 |
| Emsisoft Anti-Malware | Trojan.Generic.11530025 | 8.14.09.26.09 |
| ESET NOD32 | Win32/DomaIQ.AY.gen potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | Adware/DomaIQ | 9/26/2014 |
| F-Prot | W32/A-99153ce2 | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11530025 | 11.2014-26-09_6 |
| G Data | Trojan.Generic.11530025 | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.8.18 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.7.5.0 |
| K7 AntiVirus | Trojan | 13.183.13504 |
| Kaspersky | not-a-virus:AdWare.Win32.DomaIQ | 14.0.0.3191 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.09.26.09 |
| McAfee | CryptDomaIQ | 5600.6995 |
| MicroWorld eScan | Trojan.Generic.11530025 | 15.0.0.807 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.crbkiq | 0.28.2.62286 |
| nProtect | Trojan-Clicker/W32.DomaIQ.519656 | 14.09.26.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.09.26.09 |
| Qihoo 360 Security | Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | Adware.Domal.A5 | 9.14.14.00 |
| Reason Heuristics | PUP.Installer.TuguuSLU.F | 14.9.26.21 |
| Rising Antivirus | PE:PUF.DomaIQ!1.9EEB | 23.00.65.14924 |
| Sophos | DomainIQ pay-per install | 4.98 |
| SUPERAntiSpyware | PUP.DomalIQ/Variant | 10335 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32938 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.31 | 2.0.0.1934 |

File size:
507.5 KB (519,656 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/28/2013 1:00:00 AM

Valid to:
8/28/2014 12:59:59 AM

Subject:
CN=Tuguu S.L.U., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tuguu S.L.U., L=Adeje, S=SANTA CRUZ DE TENERIFE, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
21FCDE5EAE401DF690786A73C48E74F8

File PE Metadata
Compilation timestamp:
12/13/2013 11:55:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:hhWGS92iz3lpWgDfZrltgO+LEarjR5vGM6:rS9/zDZrltt+Lpr/ud

Entry address:
0xD141

Entry point:
E8, CB, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 08, 43, 42, 00, E8, C5, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, B6, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, BD, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D1, 04, 00, 00, C3, 6A, 04, E8, B1, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 80, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 71, 5C, 00...
 

Entropy:
7.4374

Code size:
119.5 KB (122,368 bytes)
