setup.exe

Tuguu Israel Ltd

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that differ from the originals released by the software's author. The application setup.exe by Tuguu Israel has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application that has been known to bundle potentially unwanted software.

Publisher:
Tuguu Israel Ltd  (signed and verified)

MD5:
986eac72a26a1df77b913cf64170f7cf

SHA-1:
845f476903089e628fe19debd946cc8bdb87c5fd

SHA-256:
1b44d343f7716ebdf2e19a2322fdb3eb86f438444b201c7cc7df46f82c1526b6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software bundles potentially unwanted offers during setup including toolbars and adware.

Analysis date:
3/2/2014 6:26:02 PM UTC  (five months ago)

Scan engine:
Reason Heuristics

Detection:
PUP.Installer.TuguuIsrael.F

Engine version:
14.3.2.13

File size:
459.6 KB (470,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\user\downloads\setup.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/11/2013 8:00:00 PM

Valid to:
8/20/2014 8:00:00 AM

Subject:
CN=Tuguu Israel Ltd, O=Tuguu Israel Ltd, L=RAMAT GAN, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06FD356584CBF71B04A7AFE790A2329F

File PE Metadata
Compilation timestamp:
12/19/2013 5:02:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:9EJc3NtO7cP9wzlVVBnDrmOdxZzukO9VmBCBnA:/tOAyzzvn+4kkyVA

Entry address:
0xD172

Entry point:
E8, C6, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 20, 43, 42, 00, E8, C4, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, B1, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, B8, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D0, 04, 00, 00, C3, 6A, 04, E8, AC, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 7C, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 6A, 5C, 00...
 

Entropy:
7.4205

Code size:
119.5 KB (122,368 bytes)

The file setup.exe has been seen being distributed by the following URL.


Detection Incidence by Country