setup.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. The installers it distributes are modified and are not the same as the originals published by the software's authors. The application setup.exe by Tuguu S.L. has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from dlp.getvideoplayer.com and multiple other hosts.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
baf890b0a818ffa2fc87334df2a50b3b

SHA-1:
241431a9aeb82d66599894b862691b9508803f9a

SHA-256:
71789393f068d90b5bf4252847547d9b5812990d6f8fbe797aac8fc066ea9a87

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 5:21:50 AM UTC

Scan engine             Detection                                         Engine version
Agnitum Outpost         PUA.DomaIQ                                        7.1.1
Avira AntiVirus         APPL/DomaIQ.Gen7                                  7.11.151.96
avast!                  DomaIQ-C [PUP]                                    2014.9-140416
AVG                     Generic                                           2015.0.3503
Comodo Security         UnclassifiedMalware                               18318
Dr.Web                  Adware.W3i.28                                     9.0.1.0106
ESET NOD32              Win32/DomaIQ.L potentially unwanted application   8.7.0.302.0
IKARUS anti.virus       APPL                                              t3scan.1.6.1.0
K7 AntiVirus            Trojan                                            13.178.12184
Malwarebytes            Adware.DomaIQ                                     v2014.04.16.11
McAfee                  Artemis!240D397D1788                              5600.7159
Norman                  Obfuscated.gen!r                                  11.20140416
Panda Antivirus         PUP/MultiToolbar.A                                14.04.16.11
Qihoo 360 Security      Malware.QVM06.Gen                                 1.0.0.1015
Reason Heuristics       PUP.Installer.TuguuSL.F                           14.8.7.18
Sophos                  DomainIQ pay-per install                          4.98
Trend Micro House Call  TROJ_GE.9192F1DD                                  7.2.106
VIPRE Antivirus         Threat.4783235                                    29560

File size:
584.3 KB (598,352 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/13/2013 8:00:00 PM

Valid to:
7/18/2014 8:00:00 AM

Subject:
CN=Tuguu S.L., OU=U B76539535, O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08EC69B75B2FE31EC2C53E0E441AC0E1

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:8euo2059zH829Xpx2yVh7ib1G+KqnQqcTKBLzstwmq:xj20HcWpFib1G+Kq7h8q

Entry address:
0x325E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 09, 2C, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, C0, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, E3, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9629

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.
