setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application setup.exe by Tuguu S.L has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

Publisher: Tuguu S.L (signed and verified)

MD5: 93560ac1edc434fc65ebcde80ee6e4b5

SHA-1: 3253dc900b7db563ce5e0e08fc606fe551d3ac74

SHA-256: 2b8f7b7606ffcff8be00998ea6563b6d942efd0a678dd746c620a2ee090bb5d8

Scanner detections: 32 / 68

Status: Adware

Explanation: Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description: This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date: 4/18/2024 10:54:25 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.928698 | 920 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.30 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.144.12 |
| avast! | Win32:DomaIQ-T [PUP] | 2014.9-140729 |
| AVG | DomaIQ_r.I | 2015.0.3398 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.3 | 1.0.20.1050 |
| Clam AntiVirus | Win.Adware.Domaiq-67 | 0.98/21411 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18121 |
| Dr.Web | Trojan.Packed.26405 | 9.0.1.0210 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9690 |
| F-Prot | W32/A-fb9f5974 | v6.4.7.1.166 |
| F-Secure | Adware:W32/DomaIQ | 11.2014-29-07_3 |
| G Data | Win32.Adware.Aquiempi | 14.7.24 |
| herdProtect (fuzzy) | | 2014.9.10.4 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.176.11784 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3485 |
| Malwarebytes | PUP.Optional.DomalQ | v2014.07.29.09 |
| McAfee | Artemis!DB79EA7ADB2B | 5600.7054 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.1469.0 |
| MicroWorld eScan | Adware.Generic.928698 | 15.0.0.630 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cwclqr | 0.28.0.59288 |
| nProtect | Trojan-Clicker/W32.Agent.630280 | 14.07.29.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.29.09 |
| Quick Heal | Adware.DomaIQ.BT5 | 7.14.14.00 |
| Reason Heuristics | PUP.Installer.TuguuSL.F | 14.7.29.20 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16AE4F28!380522280 | 23.00.65.14727 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Total Defense | Win32/DomainIQ.fMBIOBB | 37.0.10911 |
| VIPRE Antivirus | DomaIQ | 28320 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.201 | 2.0.0.1775 |

File size: 615.5 KB (630,280 bytes)

File type: Executable application (Win32 EXE)

Bundler/Installer: TUGUU DomaIQ Setup

Common path: C:\users\{user}\downloads\setup.exe

Digital Signature

Signed by:

Authority: GlobalSign nv-sa

Valid from: 12/3/2013 1:13:51 PM

Valid to: 12/4/2014 1:13:51 PM

Subject: E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer: CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number: 1121111958C6091E136AAD058195A273968F

File PE Metadata

Compilation timestamp: 4/1/2014 2:12:58 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 11.0

CTPH (ssdeep): 6144:hfXWtsf5ccJzUD+LG4bc4jaiDbYWP2mNb9sXD0matGPW3CPsojvY8iifYZ2o:hfWM5cc5UUc4TxA4aPW3Ckav3iiW2o

Entry address: 0x46DB

Entry point:
E8, 0D, 3D, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, AE, 42, 00, FF, 15, 6C, C0, 41, 00, 85, C0, 75, 18, 56, E8, 80, 12, 00, 00, 8B, F0, FF, 15, 50, C0, 41, 00, 50, E8, CB, 12, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 4D, 12, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, 30, 0C, 00, 00, 59, 8B, F8...
Code size: 106 KB (108,544 bytes)

The file setup.exe has been seen being distributed by the following URL.
