setup.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the software's author. The application setup.exe by Tuguu S.L. has been detected as adware by 37 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
f70b5e86789073050b639712dbf3dc7e

SHA-1:
50afc66b0fec262abf26465397c30077ce25ce96

SHA-256:
c8d2fee9ae8a93a9935b24c53dbc287b2a4967fc18fb9171654babce1e297941

Scanner detections:
37 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/23/2024 5:30:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.7 | 651 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2015.04.25 |
| Avira AntiVirus | PUA/DomaIQ.Gen | 3.6.1.96 |
| avast! | DomaIQ-CC [PUP] | 2014.9-150425 |
| AVG | Adware DomaIQ.DI | 2014.0.4311 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.8 | 1.0.20.575 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Domaiq-206 | 0.98/21511 |
| Comodo Security | Application.Win32.DomaIQ.CC | 18306 |
| Dr.Web | Trojan.Packed.26717 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 9.0.0.4799 |
| ESET NOD32 | Win32/DomaIQ.BG potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.2118 | 4/25/2015 |
| F-Prot | W32/A-febd07ad | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Bundler.DomaIQ | 5.13.68 |
| G Data | Application.Bundler.DomaIQ | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.26.4 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.203.15706 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.2140 |
| Malwarebytes | PUP.Optional.DomaIQ | v2015.04.25.02 |
| McAfee | PUP-FJV!BFB2DED69C0F | 5600.6785 |
| Microsoft Security Essentials | Threat.Undefined | 1.197.2.0 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.8 | 16.0.0.345 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cyefhy | 0.28.0.59921 |
| Norman | Application.Bundler.DomaIQ.Q | 03.12.2014 13:20:04 |
| nProtect | Trojan-Clicker/W32.Agent.494896 | 15.04.24.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.04.25.02 |
| Quick Heal | Adware.DomaIQ.BT5 | 4.15.14.00 |
| Reason Heuristics | Threat.Tuguu.Bundler | 15.4.24.21 |
| Rising Antivirus | PE:Malware.DomaIQ!6.1977 | 23.00.65.15423 |
| Sophos | DomainIQ pay-per install | 4.98 |
| SUPERAntiSpyware | PUP.DomaIQ/Variant | 9915 |
| Total Defense | Win32/DomainIQ.BVMVCMC | 37.1.62.1 |
| VIPRE Antivirus | Threat.4150696 | 29396 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.264 | 2.0.0.2153 |

File size:
483.3 KB (494,896 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/17/2014 12:54:13 PM

Valid to:
3/17/2015 12:54:13 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04084650990A90

File PE Metadata
Compilation timestamp:
5/8/2014 4:31:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:cWRaLyP7muHusP03zuO4sk08lj5R6WnFNVwhDtHbuKRF7LbPdQ0zYPj:cfyPauHusmzcTVoRHq0F7VQ08j

Entry address:
0x3EFF

Entry point:
E8, 49, 2D, 00, 00, E9, 39, FE, FF, FF, E9, 74, 13, 00, 00, 3B, 0D, 20, 72, 42, 00, 75, 02, F3, C3, E9, 75, 36, 00, 00, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 6C, 9A, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 28, 72, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 6C, 9A, 42, 00, 00, 0F...
 

Entropy:
6.5519

Code size:
107.5 KB (110,080 bytes)
