setup.exe

Tuguu Israel Ltd

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu Israel has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer; during install, it bundles potentially unwanted software on the user's computer without adequate consent.
Publisher:
Tuguu Israel Ltd  (signed and verified)

MD5:
3dc702cf463e410a6f92011fd0cfc26e

SHA-1:
3e0901446926946c6f75d7aa98a89b6d843c91b3

SHA-256:
875ff062eec265820a4aa93dfc4dcc870abef437bcf43c1717d09251e9afe663

Scanner detections:
29 / 68

Status:
Adware

Explanation:
The software bundles potentially unwanted offers during setup including toolbars and adware.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/24/2024 2:22:33 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Trojan.Generic.10232083 | 1054
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | Win-Trojan/Agent.487472 | 14.05.02
Avira AntiVirus | APPL/DomaIQ.Gen2 | 7.11.138.108
AVG | Skodna.Generic_r | 2015.0.3532
Bitdefender | Dropped:Trojan.Generic.10232083 | 1.0.20.380
Comodo Security | Application.Win32.DomaIQ.D | 17974
Dr.Web | Trojan.PayInt.14 | 9.0.1.076
Emsisoft Anti-Malware | Dropped:Trojan.Generic.10232083 | 8.14.03.17.10
ESET NOD32 | Win32/DomaIQ.AU (variant) | 8.9577
F-Prot | W32/Trojan3.HAK | v6.4.7.1.166
F-Secure | Dropped:Trojan.Generic.10232083 | 11.2014-17-03_2
G Data | Dropped:Trojan.Generic.10232083 | 14.3.24
herdProtect (fuzzy) | | 2014.5.2.7
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.2.2.29
K7 AntiVirus | Adware | 13.176.11524
Kaspersky | not-a-virus:AdWare.Win32.DomaIQ | 14.0.0.4155
Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.03.17.10
McAfee | Adware-DomaIQ!92B9D4B2D9DA | 5600.7188
MicroWorld eScan | Dropped:Trojan.Generic.10232083 | 15.0.0.228
NANO AntiVirus | Trojan.Win32.PayInt.csficn | 0.28.0.58491
Panda Antivirus | PUP/MultiToolbar.A | 14.03.17.10
Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015
Quick Heal | Adware.Domal.A5 | 3.14.12.00
Reason Heuristics | PUP.Installer.TuguuIsrael.I | 14.8.7.22
Rising Antivirus | PE:PUF.DomaIQ!1.9EEB | 23.00.65.14315
Sophos | DomainIQ pay-per install | 4.98
Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.24.3
VIPRE Antivirus | DomaIQ | 27650

File size:
476 KB (487,440 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/11/2013 8:00:00 PM

Valid to:
8/20/2014 8:00:00 AM

Subject:
CN=Tuguu Israel Ltd, O=Tuguu Israel Ltd, L=RAMAT GAN, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06FD356584CBF71B04A7AFE790A2329F

File PE Metadata
Compilation timestamp:
1/3/2014 8:31:08 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:uYOUJAyVEO8kV0fJOFBezrlMpF2IqcYPoxmtF9h3:rJAySfJOCtMpRqcwoxmf91

Entry address:
0xD162

Entry point:
E8, C5, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 08, 43, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, B0, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, B7, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, AB, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 6A, 5C, 00...

Entropy:
7.4428

Code size:
119.5 KB (122,368 bytes)
