setup.exe

Tuguu SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu SL has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it also installs bundled potentially unwanted software on the user's computer at the same time, without adequate consent.
Publisher:
Tuguu SL  (signed and verified)

MD5:
8e5525992a18a1fa0b331be4956f54ad

SHA-1:
24b7ee8c9831f0fd69d6e71a50baa461e19f8a3f

SHA-256:
bd2a84cbef24d29298b9aaa602552a208fb5e4a65c147763c75d6940b05972c3

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 3:00:35 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.11027877
928

Agnitum Outpost
PUA.DomaIQ
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.07.22

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.163.82

avast!
DomaIQ-CC [PUP]
140617-1

AVG
Adware DomaIQ.X
2014.0.3986

Bitdefender
Trojan.Generic.11027877
1.0.20.1015

Clam AntiVirus
Win.Adware.Domaiq-45
0.98/19168

Comodo Security
Application.Win32.DomaIQ.PUT
18930

Dr.Web
Adware.Downware.2215
9.0.1.05190

Emsisoft Anti-Malware
Trojan.Generic.11027877
8.14.07.22.02

ESET NOD32
Win32/DomaIQ.BB potentially unwanted application
7.0.302.0

F-Prot
W32/DomaIQ.E.gen
v6.4.7.1.166

F-Secure
Trojan.Generic.11027877
11.2014-22-07_3

G Data
Trojan.Generic.11027877
14.7.24

IKARUS anti.virus
AdWare.Lollipop
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.181.12795

Kaspersky
not-a-virus:AdWare.Win32.Lollipop
15.0.0.494

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.07.22.02

McAfee
CryptDomaIQ
5600.7062

Microsoft Security Essentials
Threat.Undefined
1.179.723.0

MicroWorld eScan
Trojan.Generic.11027877
15.0.0.609

NANO AntiVirus
Riskware.Win32.Downware.cvxwqj
0.28.2.60990

nProtect
Trojan-Clicker/W32.Lollipop.389256
14.07.21.01

Panda Antivirus
PUP/MultiToolbar.A
14.07.22.02

Quick Heal
Adware.DomaIQ.BT5
7.14.14.00

Reason Heuristics
PUP.Installer.TuguuSL.F
14.8.7.18

Rising Antivirus
PE:Malware.DomaIQ!6.15EA
23.00.65.14720

Sophos
DomainIQ pay-per install
4.98

Vba32 AntiVirus
BScope.Downware.DomaIQ
3.12.26.3

VIPRE Antivirus
Threat.4783235
31208

File size:
380.1 KB (389,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/19/2013 9:00:00 PM

Valid to:
3/20/2014 8:59:59 PM

Subject:
CN=Tuguu SL, O=Tuguu SL, STREET=Avd Barranco de las Torres N10 Oficina 4A, L=Adeje, S=S/C de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1F4478174C3E164CE93F4AB63CBA287

File PE Metadata
Compilation timestamp:
3/6/2014 12:25:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:3SI5kqTzKQSzyQoR/M+634/ZaKszyR8Qbti28W/JYT:PpTz9SWQoR/Mb4VszyRi29/K

Entry address:
0x30ED

Entry point:
E8, B2, 3B, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3...
 

Code size:
55 KB (56,320 bytes)
